| Re: Antispam Firm Blue Security Says Was Victim of Attack |
|---|
>>> With black-holing, an ISP essentially removes the advertised path to a
>>> particular Web site or IP address -- making it completely inaccessible to
>>> the outside world.
> This is completely incorrect. Black-holing is the process of
> announcing a more specific route for the host pointing it at a null0
> interface.
Doesn't that "make it completely inaccessible to the outside world"?
> In effect they superceded the DOS, and at that moment
> became the progenitor of a larger scale DOS against Blue
> Security. Been there, done that, many times. They mitgated bad
> traffic, but also denied good traffic.
But by blackholing the host's IP, they stopped saturating the
connection to the site. This allows all the other systems at the same
site to use the Internet. So they reduced an attack that was
affecting all the systems that shared the link to one that just
impacted a single host.
Blue Security was already effectively unusable, so it couldn't really
get much worse for them. But they made it better for everyone else in
the same data center.
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***