Showing posts from May, 2015

Remotely Triggered Black Hole (RTBH)

Today I would like to talk about one technique that helps to mitigate DoS attacks: RTBH. The technique is defined by RFC 5635 (2009), which is an update to (and extension of) RFC 3882 (2004). As you can see, it's quite an old document, and today we can find much better tools to mitigate such attacks. It isn't a complex technique: the configuration is very simple, and the result is that unwanted traffic is sent to the Null0 interface (silently dropped) at the edge of your network. As you know, routers route packets more easily than they analyze them and drop them based on ACL entries. When a DoS attack starts, you can see a huge number of packets that need to be processed by your router. Routing all of them to the Null0 interface requires fewer router resources than filtering them with an access list. The main problem is that the technique is not very granular. You can choose a source or destination IP, which means you will discard legitimate traffic too. You can't block the traffic per flow
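
A minimal Cisco IOS sketch of the setup described above, added here as an illustration and not taken from the original post. All addresses are documentation ranges, and AS 64500, tag 66, the route-map name and the interface name are assumptions made for the example.

```cisco
! ===== Every edge router =====
! 192.0.2.1 is the agreed "discard" next hop (assumed value).
! Anything whose BGP next hop resolves to it is forwarded to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface Null0
 ! Do not answer dropped packets with ICMP unreachables.
 no ip unreachables
!
! Needed only for source-based RTBH: loose uRPF drops packets whose
! SOURCE address resolves to Null0. Interface name is an assumption.
interface GigabitEthernet0/0
 ip verify unicast source reachable-via any
!
! ===== Trigger router (iBGP peer of the edge routers) =====
! Only static routes carrying tag 66 become blackhole announcements.
route-map RTBH-TRIGGER permit 10
 match tag 66
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 ! Keep the blackhole route inside our own AS.
 set community no-export
route-map RTBH-TRIGGER deny 20
!
router bgp 64500
 redistribute static route-map RTBH-TRIGGER
 ! 198.51.100.2 stands for one edge router (assumed address).
 neighbor 198.51.100.2 remote-as 64500
 neighbor 198.51.100.2 send-community
!
! ===== During an attack, on the trigger router =====
! Destination-based: blackhole the attacked host 203.0.113.10.
! ALL traffic to that host is dropped at the edge, legitimate included.
ip route 203.0.113.10 255.255.255.255 Null0 tag 66
!
! Withdraw the blackhole once the attack is over.
no ip route 203.0.113.10 255.255.255.255 Null0 tag 66
```

The same tagged static route, pointed at an attacking source address instead of the victim, gives the source-based variant once loose uRPF is enabled on the edge interfaces.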