What is null routing and how to use it
August 31, 2008
Filed under: Security, Server Management
There are times when a server admin has to re-route some of the traffic coming from specific IPs. This is called null routing.
OK, now simpler: say 192.168.0.1 is trying to connect to your server. You know that this IP has bad intentions, so you decide to block it. Creating an iptables deny entry is one option; null routing (adding an entry to the routing table) is another, more effective one. Why? Because while iptables is only software, null routing happens at the server's level, thus putting less strain on the hardware.
Null routing basically means that you block the IP, but you can also re-route it. For example, you can easily re-route it to the loopback address, 127.0.0.1, so that when the client tries to connect to the server, the server instantly redirects the connection to the client's address. This is often called blackhole routing.
Null routing is the preferred option when a server is under DoS siege.
How to create a null route.
The offender's IP address in my examples is 192.168.0.1, the gateway mask is 255.255.255.0, and the new route is 127.0.0.1. Obviously, replace these values with the offender's IP and your preferred route.
On Linux, log in as root and type:
route add 192.168.0.1 gw 127.0.0.1 lo
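An added example, not part of the original post: a small shell helper that validates the offender's address before it reaches a root command and builds the iproute2 `blackhole` route, used here in place of the `route ... gw 127.0.0.1 lo` form above. The function names and the `APPLY` variable are assumptions of this example; it prints the command as a dry run unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example; valid_ipv4, null_route_cmd, null_route and APPLY are hypothetical names.

# Return 0 only for a dotted-quad IPv4 address: four octets, 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iproute2 command for an action (add|del|check) on one host.
# A blackhole route silently discards packets whose destination is that host,
# so the server's replies to the offender never leave the machine.
null_route_cmd() {
    action=$1 ip=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case "$ip" in
        127.*|0.*) echo "refusing to null route $ip" >&2; return 3 ;;
    esac
    case "$action" in
        add)   echo "ip route add blackhole $ip/32" ;;
        del)   echo "ip route del blackhole $ip/32" ;;
        check) echo "ip route show type blackhole" ;;
        *)     echo "usage: null_route_cmd add|del|check IPV4" >&2; return 1 ;;
    esac
}

# Dry run by default: print the command. With APPLY=1 (as root), run it.
null_route() {
    cmd=$(null_route_cmd "$@") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd
    else
        echo "dry run: $cmd"
    fi
}

# Constructed sample input: the offender address used in the article.
null_route add 192.168.0.1
```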
On Windows-based systems it seems re-routing is not really possible. You can specify a gateway to route a specific connection through, but my experience is that it's just not working the way I would like it to, even though Microsoft Support tells me the contrary.
Anyway, the shell command you should use for rerouting on Windows-based systems is the following:
route add 192.168.0.1 MASK 255.255.255.0 127.0.0.1
The problem is that this created a loop for me, but on the wrong side: on my side.