bryanlloydharris

asked on

create a null route

I have tried to create a null route in XP, but it doesn't work.  Can anyone tell me what I am doing wrong?

route add 1.1.1.1 127.0.0.1
The route addition failed: The parameter is incorrect.
Antunb

bryanlloydharris

ASKER

Yes but how to create the null route for Windows XP?  (Increasing points to 150.)
I have seen the below command posted on this site
route add 1.1.1.1 mask 255.255.255.255 127.0.0.1

But alas the command as typed *does not work* on Windows XP or 2003.

We had a *person* flooding our web cluster with connects to a CGI.

We needed to block his IP in a hurry to stop the attack.
We didn't have access to the router at the time.

After several failed attempts at creating a "NULL" route on the servers we simply added the offending IP to the network card.

Using netstat -an we can see the incoming connection attempts, but because the TCP connection cannot be built back to the client the CGI doesn't seem to execute.

I know this doesn't stop them from coming at us from another IP.
I am not sure what other problems might arise from doing this and I know we need to come up with a more elegant solution, but it worked.

Looking forward to comments.
-- Peace
Robertsearle2, can you tell me the command which worked?  I'm talking about the one when you say "added the offending IP to the network card."

Is this a command I can add with the route, or do you mean some other way?
ASKER CERTIFIED SOLUTION
robertsearle2

To more directly answer your question.
It was not a command line process.
I used the windows GUI.
I have never had the need to script IP administration on a windows box.

--Peace
I think I see, thank you for the advice.
I think I may have solved this in a better way. I think it's better because it allows IPs to be blocked by batch scripts (or a service, as in my case).

Say my local network is 192.168.105.0/24. Also say 192.168.105.99 is not used, so in theory I should be able to "route x.x.x.x 192.168.105.99" and traffic for x.x.x.x should get lost. Windows somehow ignores this and sends the packets to the default gateway anyway.

However, if I first "arp -s 192.168.105.99 11-11-11-11-11-11-11", and then "route x.x.x.x 192.168.105.99", then the packets actually seem to get lost; well, SYN packets are probably sent to the LAN; I didn't sniff traffic to check.

Please note that even if I add a static ARP entry, Windows forgets about it after a restart. I know static routes are remembered during restarts, and if a route exists to an IP, you can't add a static ARP entry to that IP, so it doesn't seem like a good idea to do "static null routes", since you just have to delete them after a reboot just to add a static ARP entry, and then re-route the blocked IPs.
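
The approach described in the post above, written as a batch file to run at startup. This is an added example, not part of the original thread; the sink address, the dummy MAC address and the blocklist.txt file are assumptions, and the behaviour it relies on is the one the post reports.

```batch
@echo off
rem Added example: re-apply blackhole host routes after every boot.
rem Assumptions (constructed values, not from a real network):
rem   SINK_IP   - an unused address on the local subnet
rem   SINK_MAC  - a dummy, locally administered MAC that no host owns
rem   BLOCKLIST - text file next to this script, one IPv4 address per line,
rem               lines starting with # are comments
setlocal
set "SINK_IP=192.168.105.99"
set "SINK_MAC=02-00-00-00-00-01"
set "BLOCKLIST=%~dp0blocklist.txt"

if not exist "%BLOCKLIST%" (
    echo Blocklist not found: %BLOCKLIST%
    exit /b 1
)

rem The static ARP entry does not survive a reboot, so add it on every run.
arp -s %SINK_IP% %SINK_MAC%

rem Verify the entry is really present instead of trusting the exit code.
arp -a %SINK_IP% | findstr /i /c:"%SINK_MAC%" >nul
if errorlevel 1 (
    echo Static ARP entry for %SINK_IP% is missing, no routes were added.
    exit /b 1
)

rem Add one host route per blocked address, pointing at the sink.
rem Routes are added without -p so they vanish on reboot together with
rem the ARP entry and are rebuilt in the right order by this script.
for /f "usebackq eol=# tokens=1" %%A in ("%BLOCKLIST%") do (
    route delete %%A >nul 2>&1
    route add %%A mask 255.255.255.255 %SINK_IP%
    route print %%A | findstr /c:"%SINK_IP%" >nul || echo Route for %%A was not installed.
)
endlocal
```

Run it from an administrator account; `route print` afterwards lists each blocked address with the sink as its gateway.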