About Linux FAQ

Browse More FAQs:

Linux Null route an attackers ip

Posted by Vivek Gite [Last updated: December 10, 2006]

Q. How do I null route an attakers IP under Red Hat Enterprise Linux? I would like to block unwanted traffic from a particular source.

A. A null route is a network route that goes nowhere. When a network packet is received by Linux (or UNIX or any other network device) operating system, it needs to route that packet somewhere. It uses the routing table to decide where to send the packet. To kill the packet, in essence dropping the packet and forbidding the packet from travelling further, a nullroute could be put in place.

There are two ways to achieve the same.
First find out attacker IP address from system log files such as
=> /var/log/messages
=> /var/log/secure
=> /var/log/auth

Use tail -f command to view incoming messages
# tail -f /var/log/messages
You can also use faillog command or combination of grep and awk to find out list of failed ssh login attempt.

Option #1: Using Iptables

Use following iptables rules:
# iptables --append INPUT --source IP-ADDRESS -j DROP

Add above rules to your iptables shell script. To drop bunch of IPs use something as follows in your shell script:
BADIPS="64.56.1.2 69.51.11.21 1.2.3.4"
for i in $BADIPS
do
iptables --append INPUT --source $i -j DROP
done

Option # 2: Using route command

See previous article for more information.

E-mail this to a friend      Printable version

Related Other Helpful FAQs:

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Copyright © 2006-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.