On Sun, Aug 08, 2021 at 06:12:07PM +0300, Töma Gavrichenkov wrote: > > And yet these have techniques have been successfully deployed for many > > years. Not every address seen on the Internet is anycast. > > Not every address ever gets attacked, and when there's an attack, it isn't > _always_ complicated. > > And there's no incentive now for the criminals to do research in that > matter because with TCP working fine over anycast, it's too complicated to > overcome the traffic engineering obstacles. > > Take anycast out of the game, the situation would change. Which of the top 5, 10, 100 sites on the Internet use anycast? If Facebook, Amazon, Google, Wikipedia, etc., are using standard IPv4 and IPv6 endpoints and are *not* using anycast, and they have successly fielded defenses against DDOS's without using anycast, wouldn't that tend to blow a gigantic, gaping hole in your assertion? Cheers, - Ted
