Re: route add to block IP's
From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 09/18/02
- Previous message: Joseph Monti: "route add to block IP's"
- In reply to: Joseph Monti: "route add to block IP's"
- Next in thread: Joseph Monti: "Re: route add to block IP's"
Date: Wed, 18 Sep 2002 09:08:59 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Focus on Linux Mailing List <focus-linux@securityfocus.com>

On Fri, 13 Sep 2002, Joseph Monti wrote:
> I've been an unfortunate target of various script-kiddies/worms and have
> configured apache to perform something like this on all incoming requests
> containing bad URI's:
>
> route -n add <evil IP> gw <bogus local host>

If you want to blackhole them then do so properly.

route add -net <boys with toys> netmask <all of them> reject

> The only concern I have is will this cause performance problems? I've got
> about 10 so far and I just put it up about 24hrs ago.

Well, doing it your way results in loads of router lookups, arp entries and
the lot where they are not needed.

However, you will see loads of martians after you have done it this way ;-)

Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
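
The reject route from the reply above, in its single-host form, wrapped in the input checks a log-driven trigger like the one in the quoted question needs before anything touches the routing table. This is an added example, not part of either poster's message; the PROTECTED allowlist, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): validate an address before turning it
# into a host reject route. Sample addresses below are constructed.

PROTECTED="192.0.2.1 192.0.2.53"   # hypothetical site allowlist (gateway, DNS)

# valid_ipv4 ADDR: succeed only for a strict dotted quad, octets 0-255,
# no leading zeros (some parsers read "010" as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_protected ADDR: true for addresses that must never be blackholed.
is_protected() {
    case "$1" in
        0.*|127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    for p in $PROTECTED; do
        if [ "$1" = "$p" ]; then return 0; fi
    done
    return 1
}

# reject_route_cmd ADDR: print the reject route for ADDR, or fail with no stdout.
# Printing instead of executing lets the caller log or review it first.
reject_route_cmd() {
    valid_ipv4 "$1" || { echo "refusing: not an IPv4 address" >&2; return 2; }
    if is_protected "$1"; then
        echo "refusing: protected address $1" >&2
        return 3
    fi
    echo "route add -host $1 reject"
}

# Constructed candidates, as a log-driven trigger might supply them.
for addr in 203.0.113.45 "203.0.113.45; reboot" 010.1.1.1 10.1.2.3; do
    reject_route_cmd "$addr" || true
done
```

Only the first constructed candidate produces a route command; the other three are refused on stderr.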