I guess you've heard about the DDOS attacks by now. back in the late 90's or early 00's, Kyle Sparger and I came up with a mitigation idea, and the boss, Alvaro, agreed to it and found a provider with good gigabit connectivity to do it for us. basically, all we did was have a router in the remote datacenter, and when one of the computers in our datacenter was being DDOSed, we'd BGP-advertise its /24 on the remote router. whoosh! all the DDOS traffic went to the other datacenter, where it was just dropped on the floor because nothing was actually listening on that IP address, and our own network was unaffected. we floated the idea to other IT professionals at an InfraGard meeting, but I guess it was way over their heads. we were both pretty excited about it (at least I was; I think Kyle was), but when we got done speaking and asked for questions: silence.
I thought people would at least ask about the irresponsibility of advertising a /24 route out of a /16 or /17. but nope.
sometimes I wonder if other people/sites are doing this. it worked like a charm.
last updated 2016-10-21 18:49:41. served from tektonic.jcomeau.com