by birdman914 1697 days ago
You are correct on the ISP level. I am a network engineer for an ISP; we utilize Corero to monitor and mitigate DDoS attacks into our network. Since 99% of the time the DDoS is not targeted at us but rather at the customer, I also kill the active IP addressing to their modem/ONT and configure that endpoint so it isn't allowed to pull an IP. Once the attack stops, I re-config the endpoint and have it pull a new address.

That will stop overloading paths inside your network, but if your edge can't handle a 100 Gbps DDoS, all your other customers still suffer.

Better to have the target blackholed upstream. Can usually be done with a BGP community of 666 if your peers support it.
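As an added illustration of the upstream blackholing described in the comment above (this is example configuration, not something posted in the thread), here is what a remotely triggered blackhole (RTBH) looks like in BIRD 2 syntax on both sides of the peering. The well-known BLACKHOLE community is 65535:666 (RFC 7999); some carriers use their own ASN:666 instead, so check the peer's published policy. The ASNs (64496, 64511), the customer prefix 192.0.2.0/24, the victim host 192.0.2.10 and the neighbor address 198.51.100.1 are placeholders from the documentation ranges. The upstream side deliberately accepts the community only for /32 routes inside the customer's own assigned block, so a customer cannot blackhole someone else's address.

```bird
# ---------- Customer ISP router (originates the blackhole) ----------
# Placeholder victim address; in practice this is injected per attack.
protocol static blackhole_routes {
    ipv4;
    route 192.0.2.10/32 blackhole;      # victim host under attack
}

filter to_upstream {
    # Tag the /32 with BLACKHOLE (65535:666, RFC 7999) and NO_EXPORT so
    # the upstream drops traffic for it but does not propagate it further.
    if proto = "blackhole_routes" then {
        bgp_community.add((65535, 666));
        bgp_community.add((65535, 65281));
        accept;
    }
    # Normal aggregate announcement for the customer's own block.
    if net ~ [ 192.0.2.0/24{24,24} ] then accept;
    reject;
}

protocol bgp upstream {
    local as 64496;                      # customer ISP ASN (placeholder)
    neighbor 198.51.100.1 as 64511;      # upstream ASN (placeholder)
    ipv4 {
        export filter to_upstream;
        import all;
    };
}

# ---------- Upstream router (honours the blackhole) ----------
filter from_customer {
    if (65535, 666) ~ bgp_community then {
        # Only host routes inside the prefix this customer is allowed to
        # announce may be blackholed; anything else is rejected.
        if net ~ [ 192.0.2.0/24{32,32} ] then {
            dest = RTD_BLACKHOLE;        # discard traffic at this edge
            bgp_local_pref = 200;        # prefer the blackhole over the aggregate
            accept;
        }
        reject;
    }
    # Ordinary announcements: exactly the assigned aggregate, nothing longer.
    if net ~ [ 192.0.2.0/24{24,24} ] then accept;
    reject;
}

protocol bgp customer_as64496 {
    local as 64511;
    neighbor 203.0.113.2 as 64496;       # customer's side of the link (placeholder)
    ipv4 {
        import filter from_customer;
        export none;
    };
}
```

Once the customer withdraws the static /32, the upstream's discard route goes away and traffic to the victim resumes. Note that the filter on the upstream side is the security-relevant part: honouring 65535:666 on arbitrary prefixes would let any customer blackhole any address.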

Doesn't that simply mean that the customer loses connectivity, just as the attacker intended, for the duration of the attack?

From the ISP's point of view, you might have prevented an overload that could have affected other customers. From the customer's point of view, their service was denied all the same. Doesn't sound like anything has improved compared to 10-20 years ago.

In both cases the customer has no access (or a very limited one).