>> With black-holing, an ISP essentially removes the advertised path to a
>>> particular Web site or IP address -- making it completely inaccessible to
>>> the outside world.
> This is completely incorrect. Black-holing is the process of
> announcing a more specific route for the host pointing it at a null0 > interface.
Doesn't that "make it completely inaccessible to the outside world"?
In effect they superceded the DOS, and at that moment
> became the progenitor of a larger scale DOS against Blue
> Security. Been there, done that, many times. They mitgated bad
> traffic, but also denied good traffic.
But by blackholing the host's IP, they stopped saturating the connection to the site. This allows all the other systems at the same site to use the Internet. So they reduced an attack that was affecting all the systems that shared the link to one that just impacted a single host.
Blue Security was already effectively unusable, so it couldn't really get much worse for them. But they made it better for everyone else in the same data center.
Barry Margolin, snipped-for-privacy@alum.mit.edu Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me *** *** PLEASE don't copy me on replies, I'll read them in the group ***