SourceFiles.org - Use the Source, Luke
                                    | |          | |    (_) | | | |
              _ __    ___    _   _  | |_    ___  | | __  _  | | | |
             | '__|  / _ \  | | | | | __|  / _ \ | |/ / | | | | | |
             | |    | (_) | | |_| | | |_  |  __/ |   <  | | | | | |
             |_|     \___/   \__,_|  \__|  \___| |_|\_\ |_| |_| |_|
                            http://sabu.net/data/projects/routekill
1) What is routekill?

'routekill' is an open-source, BSD-licensed, Python-based project that assists the systems administrator in handling automated nullrouting on multiple platforms.

2) What is nullrouting?

Nullrouting is when you add or modify routes on your local system(s) with the intention of redirecting all traffic for a target to a non-existent host. The target's SYN requests still arrive at your system(s), but the responses are then redirected to, let's say, 127.0.0.2. The target in this case receives no reply at all and ends up timing out.

3) Will nullrouting totally protect my system(s)?

No and Yes.

  1. No, if you are being targeted by a mass DDoS network: even if you log and nullroute the malicious boxen, their SYN packets still arrive at your system, so a SYN flood will still occur. If, however, you are administrating an amazingly fast machine on a huge backbone, it may not even be a big problem.
  2. Yes, if you are nullrouting machines run by drones, script kiddies or amateurs, who tend to overload your system(s) with excess requests/scans yet do not reach DDoS level.

4) What is the difference between the 'reject' and 'blackhole' methods?

The 'reject' method sends an ICMP destination unreachable back to the target, which may be useful in many situations (for example a drone scanner that catches the dest. unreach., gives up and moves on).

The 'blackhole' method silently ignores and redirects packets accordingly, without sending any dest. unreach. packets back to the target, which may leave the target waiting for a very long time until the connection times out.

5) Why did you write 'routekill'?

Well, it first starts off with my obsessive need of being an operating system enthusiast and my love for running all sorts of flavors of nx. It then refines itself with the fact that I am extremely lazy and seriously do not mind multi-platform automation. And finally because I tend to confuse syntaxes, especially when I'm nullrouting between my Knoppix box and my NetBSD server.

6) Examples?

routekill -s "12.34.56.78" -m "5" -5
(the above will execute a nullroute against a single scan, using route location 5 and method 5)

routekill -t "file-containing-targets.txt" -m0 -3
(the above will sift through the file, nullrouting each target, using method 0 and route location 3)

routekill -t "file-2.txt" -s "23.57.76.67" -m2 -4 -v
(the above will nullroute the items in the file plus the single target, using method 2, route location 4, with a small hint of verbose)
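As an added example (not routekill's own code), the following Python sketches the two methods from question 4 and the -s / -t invocation styles from question 6: it builds the platform-specific route command for Linux (iproute2) or NetBSD/FreeBSD (route(8)) and validates every target before anything is executed. The route syntaxes, the dummy gateway 127.0.0.2 and the method names are assumptions taken from those tools' manuals, since routekill's numeric method/location codes are not documented here.

```python
import ipaddress
import platform
import subprocess
from typing import List, Optional

# Command forms are assumed from iproute2 and BSD route(8), not from routekill;
# its numeric codes are unknown, so the methods are named 'reject' and 'blackhole'.
METHODS = ("reject", "blackhole")

def build_nullroute(target: str, method: str, system: Optional[str] = None) -> List[str]:
    """Return the argv that nullroutes one host; nothing is executed here."""
    if method not in METHODS:
        raise ValueError(f"unknown method {method!r}; expected one of {METHODS}")
    # Validate first: a string lifted from a log must never reach a shell unchecked.
    addr = ipaddress.ip_address(target.strip())   # ValueError on anything but an IP
    if addr.is_loopback or addr.is_unspecified:
        raise ValueError(f"refusing to nullroute {addr}: that would cut off localhost")
    system = (system or platform.system()).lower()
    if system == "linux":
        # iproute2: 'unreachable' answers with ICMP dest-unreach, 'blackhole' drops silently
        kind = "unreachable" if method == "reject" else "blackhole"
        return ["ip", "route", "add", kind, f"{addr}/{addr.max_prefixlen}"]
    if system in ("netbsd", "freebsd"):
        # route(8): the flag picks ICMP reject vs silent drop; 127.0.0.2 is a dummy gateway
        flag = "-reject" if method == "reject" else "-blackhole"
        return ["route", "add", "-host", str(addr), "127.0.0.2", flag]
    raise NotImplementedError(f"no route syntax known for {system}")

def nullroute_targets(text: str, method: str, system: Optional[str] = None,
                      dry_run: bool = True) -> List[List[str]]:
    """-t style target file: one address per line, '#' starts a comment; bad lines are skipped."""
    commands = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            argv = build_nullroute(line, method, system)
        except ValueError as exc:
            print(f"line {lineno}: skipped ({exc})")   # report, do not abort the automated run
            continue
        commands.append(argv)
        if not dry_run:
            subprocess.run(argv, check=True)   # argv list, so no shell parsing of input
    return commands

if __name__ == "__main__":
    # Constructed sample target file, in the spirit of the -t example above.
    SAMPLE = "12.34.56.78\n23.57.76.67  # repeat offender\n127.0.0.1\nnot-an-ip\n"
    for cmd in nullroute_targets(SAMPLE, "blackhole", system="netbsd"):
        print(" ".join(cmd))
```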

For development, intellectual, general, ideas/opinions/questions/suggestions and/or bug reports, please contact me at: sabu@mad.scientist.com.

EOF.


Copyright 2006 Sourcefiles.org All rights reserved.