I have ddos attack to our ip A.B.C.D yesterday.
Someone suggest me to post it here and I might get
advice from this newsgroup
1/ What's good methodology in blocking certain IP
address? ACL or strictly filtering list,
Which one is better?
or some other effective ways also?
2/ We could act immediately to block the IP address at
our firewall; but the load is still in our end (from
the machine A.B.C.D trasnfered to our firewall)
Then we also asked our uptream ISP to block it, the
load should be at their end.
How does ISP handle the sudden bandwidth resulted from
a DDOS attack.