How do I drop or block an attacker's IP with null routes?

Someone might attack your system. You can drop the attacker's IP using iptables. However, one of our senior sysadmins highlighted something new for me: you can null-route the address (as ISPs sometimes do), which prevents your network device from sending any data to the remote system and stops various attacks coming from a single IP (read: spammers or hackers):

Suppose the bad IP is 65.21.34.4. Type the following command at the shell:

# route add 65.21.34.4 gw 127.0.0.1 lo

You can verify it with the following command:

# netstat -nr

This is cool, as you do not have to play with iptables rules.
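
The add, verify and remove steps above wrapped in a small shell helper, as an added example that is not part of the original post. It assumes Linux net-tools `route` syntax; the function names, the `DRY_RUN` switch and the guard against null-routing your own SSH client address are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Linux net-tools `route` syntax
# is assumed. DRY_RUN=1 (the default) prints commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

run() {                            # print in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# nullroute add|del <ip>: add or remove a host route pointing at loopback.
nullroute() {
    action=$1; ip=$2
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case "$ip" in
        127.*|0.*) echo "refusing to null-route $ip" >&2; return 3 ;;
    esac
    # Do not cut off the SSH session you are working from.
    if [ "$action" = add ] && [ "${SSH_CLIENT%% *}" = "$ip" ]; then
        echo "refusing: $ip is your own SSH client address" >&2; return 3
    fi
    case "$action" in
        add|del) run route "$action" "$ip" gw 127.0.0.1 lo ;;
        *) echo "usage: nullroute add|del <ip>" >&2; return 2 ;;
    esac
}

# Read `netstat -nr` output on stdin; succeed if <ip> has gateway 127.0.0.1.
is_nullrouted() {
    awk -v ip="$1" '$1 == ip && $2 == "127.0.0.1" { f = 1 } END { exit !f }'
}

# Usage (as root): DRY_RUN=0 nullroute add 65.21.34.4
#                  netstat -nr | is_nullrouted 65.21.34.4 && echo blocked
```

Use `nullroute del 65.21.34.4` to lift the block once the address no longer needs to be dropped.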
