Mitigate DoS Attacks in Linux with a blackhole route

By | 2013/06/04

If you are under a DoS attack, it is best to route the offending IP to a blackhole (null) route rather than rejecting the traffic or taking other actions on it. Here’s how it works in Linux!

Create a new route for the offender’s IP as follows:

$ sudo ip route add blackhole <offender-IP>

View current routes with:

$ sudo ip route show


stmiller@brahms:~$ sudo ip route show
default via dev eth1  proto static dev eth1  proto kernel  scope link  src 

It is also possible to remove that blackhole route like so:

$ sudo ip route del <offender-IP>
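
An added example (not from the original post): a POSIX shell wrapper that validates the address, refuses to null-route the default gateway, and skips addresses that are already blackholed before running the add command shown above. The function names, the `DRY_RUN` variable and the sample address 203.0.113.45 are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and DRY_RUN are
# assumptions of this sketch; 203.0.113.45 is a constructed documentation address.

# Succeed only for a strict dotted-quad IPv4 address (no leading zeros).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read `ip route show` output on stdin and print the default gateway(s).
default_gateways() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") print $(i + 1) }'
}

# Blackhole $1 unless it is malformed, is the default gateway, or is already
# blackholed. With DRY_RUN=1 the command is printed instead of executed.
blackhole_ip() {
    target=$1
    valid_ipv4 "$target" || { echo "refusing: '$target' is not an IPv4 address" >&2; return 2; }
    if ip route show | default_gateways | grep -qxF "$target"; then
        echo "refusing: $target is the default gateway" >&2; return 3
    fi
    if ip route show type blackhole | grep -qwF "$target"; then
        echo "$target is already blackholed"; return 0
    fi
    ${DRY_RUN:+echo} sudo ip route add blackhole "$target"
}

# Run only when called with an argument, e.g.: DRY_RUN=1 ./blackhole.sh 203.0.113.45
[ "$#" -eq 0 ] || blackhole_ip "$1"
```

Adding a route that already exists makes `ip` fail with "RTNETLINK answers: File exists", which is why the wrapper checks `ip route show type blackhole` first.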

Thanks @agusl88!