[PLUG] when to blackhole routes?

Carla Schroder carla at bratgrrl.com
Tue Apr 17 00:21:57 UTC 2007


Under what circumstances does it make sense to blackhole routes? Assume you 
are using the null0 interface in Quagga. An obvious example is blocking 
spammers or other pests, like out-of-control web spiders. What about blocking 
RFC 1918 addresses entering or leaving your network with routing commands 
instead of iptables rules? Isn't that more efficient?

Isn't blackholing an invitation to a SYN flood attack anyway? Can you use the 
ip command's 'unreachable' rule option, which sends a 'Network is 
unreachable' error?

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


