Sophisticated DDOS attack
"First we moved the BGP IP prefix," said Gargula as he detailed the attack, "I tried to isolate legit human traffic from bot traffic and not to mix it up. We sacrificed one of their three BGP uplink layers as a 'canary' to test the sophistication of the attack. Then we changed the configuration for the IP uplink."
"How does moving the BGP IP prefix help?"
I believe they are refering to a sinkhole--a sacrificial router, in this case a BGP router, since BGP may not require much authentication. By configuring the sinkhole to "advertise routes with bogon destination addresses, you can set up a central trap for malicious traffic of all types" [Hacking Exposed 7: Network Security Secrets and Solutions, 2012]. Lists of bogon addresses can be found online: www.cymru.com/Bogons, slides
"And also, what other sophisticated DDOS techniques are there?"
There are a number of sophisticated DDoS techniques. DDoS leverages DoS methods using a distributed attack surface. Most of us probably know about SYN flood, where a syn packet is sent with a spoofed source address and the receiving system tries acknowledge it does not receive a response and is left with partial connection in a short queue that is easily disabled by flooding. Similarly, a UDP flood is designed and source IP addresses are often spoofed to target DNS servers which rely on the UDP protocol.
Reflective amplification is another DDoS attack (DRDoS) that again uses spoofing. Often botnets send the packets, the source address is the victim IP address, and the packets are sent to machines that try to respond to the victim simultaneously, generating a flood of packets sent to the victim. For example, DNS servers respond to small requests with a large amount of information and DNS amplification can overwhelm the victim's system.
Application-layer DDoS attacks use the same ideas at a higher level, such as the web level, rather than the transport or communication level. Here the goal of the attacker is to find an easy and short request that generates lots of work in the victim's API. For example, a single-word search request can eat up lots of cycles on the victim's machine. Or a database-driven site, might have pages that trigger database queries when the URL is requested. Now, the attacker can use just a few queries per second, either making the requests in a distributed manner or not, and bring the victim's machine grinding to a halt.
There is also a low-rate DoS attack where the attacker causes a TCP connection to enter a retransmit state. If enough connections enter this state, the victim's machine suffers declining performance.
See Hacking Exposed 7: Network Security Secrets & Solutions for more discussion of DDoS attacks. See Wikipedia for more attacks: https://en.wikipedia.org/wiki/Denial-of-service_attack