Route to nowhere - Blocking attackers using Nullroutes

4 February 2016

If someone attacks a linux-system, most administrator would block the ip-address of the attacker using iptables-rules. But there is another method to block the address of an attacker: nullroutes. Nullroutes are routes to nowhere

Routing to loopback

Its possible to just route traffic to the loopback interface:

route add ATTACKERS-IP gw lo

Rejecting route

Using the route-command we can also add a reject-router:

route add -host ATTACKERS-IP reject
[ Linux  Sysadmin  Security  Network  Firewall  ]
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti