Web hosting/DDOS attack question

Hardware and technical stuff
1

We have a handful of web sites, plus our e-mail, hosted with Hostmonster. I have personal sites with them too, and so far we’ve had a really good experience with HM.

Yesterday things started getting wonky, and HM is telling me it’s because the server we’re on is being subjected to a DDOS attack that is targeting a specific IP address on that server. They are working feverishly, so they claim, to give every account on that server a separate IP address so that the damage will be isolated.

It made sense at the time, but now it occurs to me that if a DDOS attack is hammering ANY IP on the server, it’s going to affect every site hosted on that same machine.

Am I right, or do I just not know enough about the magic of IP addresses and/or resource allocation? It seems like it would make more sense to just un-assign the IP address that’s being targeted, if they know it.

2

There will be some overhead to the system as a whole, but it’s possible that the attack will fill up the connection queue for a particular IP address but leave other addresses unaffected since they have their own separate queues.

And unfortunately unassigning the IP address wouldn’t really help since then the legitimate users wouldn’t be able to reach it until the DNS change propagates, at which point the attackers now know what new address to start bombarding anyway.