Mitigate DoS Attacks in Linux with a blackhole route

By | 2013/06/04

If you are under a DoS attack, it is best to route the offending IP to a blackhole or null route rather than rejecting the traffic or taking other actions on it. Here’s how it works in Linux!


Create a new route for the offender’s IP as follows:

$ sudo ip route add blackhole 172.16.1.212

View current routes with:

$ sudo ip route show

Example:

stmiller@brahms:~$ sudo ip route show
default via 172.16.1.1 dev eth1  proto static 
172.16.1.0/24 dev eth1  proto kernel  scope link  src 172.16.1.202 
blackhole 172.16.1.212

It is also possible to remove that blackhole route like so:

$ sudo ip route del 172.16.1.212

Thanks @agusl88!
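A guarded wrapper for the commands above, as an added example that is not part of the original post: it validates the address, refuses to null-route the host's default gateway or own source address as read from `ip route show`, and skips addresses that are already blackholed. The function names, `SAMPLE_ROUTES` and the `DRY_RUN` switch are assumptions made for this example.

```shell
# Added example (not from the original post): guarded blackhole-route helper.
# Route table as shown in the post, reused here as constructed sample input.
SAMPLE_ROUTES='default via 172.16.1.1 dev eth1  proto static
172.16.1.0/24 dev eth1  proto kernel  scope link  src 172.16.1.202
blackhole 172.16.1.212'

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read "ip route show" output on stdin; print default gateways and the
# host's own source addresses, which must never be null-routed.
protected_addrs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") print $(i + 1) }
         { for (i = 1; i < NF; i++) if ($i == "src") print $(i + 1) }'
}

# Read "ip route show" output on stdin; print addresses already blackholed.
list_blackholes() {
    awk '$1 == "blackhole" { print $2 }'
}

# blackhole_add IP [ROUTES]: ROUTES defaults to the live routing table.
# Returns 2 for a malformed address, 3 for a protected one. Run as root;
# set DRY_RUN=1 to print the command instead of executing it.
blackhole_add() {
    addr=$1
    routes=${2-$(ip route show)}
    is_ipv4 "$addr" || { echo "refusing: not an IPv4 address: $addr" >&2; return 2; }
    if printf '%s\n' "$routes" | protected_addrs | grep -qxF "$addr"; then
        echo "refusing: $addr is this host's gateway or own address" >&2
        return 3
    fi
    if printf '%s\n' "$routes" | list_blackholes | grep -qxF "$addr"; then
        echo "already blackholed: $addr" >&2
        return 0
    fi
    ${DRY_RUN:+echo} ip route add blackhole "$addr"
}
```

The gateway and own-address check matters when the source addresses in attack traffic can be forged, since an automated block list could otherwise be steered into cutting the host off from its own network.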
