Re: [SLUG] Verisign Annoyance?

From: Ian Blenke (
Date: Fri Sep 26 2003 - 13:58:14 EDT

Eben King wrote:
> On Thu, 25 Sep 2003, Paul M Foster wrote:
>>I decided to see if I could do something about blocking this at my
>>network. So I inserted a rule in my iptables to block incoming traffic
>>from their sitefinder IP address. In other words, if you misspelled a
>>domain name (what they're counting on), you'd get a packet burst back
>>from their sitefinder IP, which would get dropped at the firewall.
> I'm toying with the idea of adding a null route to
> ( I think that would give a different error ("no
> route to host" or some such) than a typo would ("host not found" or some
> such). Problem 1, would that work? and problem 2, how would I do that?
> The first guess for the method would be to add it using a "route" command
> in rc.local . But would that route stay if I brought interfaces down and
> up?
> My second guess is to trawl /etc for the word "route" and see where that
> leads. Ideas?

On any Linux box, use:

        /sbin/route add -host reject

or if you have the iproute package in your distro:

        /sbin/ip route add unreachable scope host

On a Debian box, you can add this with an "up" directive in your
/etc/network/interfaces file:

        auto eth0
        iface eth0 inet dhcp
                up /sbin/route add -host reject

On a RedHat <9.0 box, I believe you add something like this to your
/etc/sysconfig/static-routes file:

        eth0 host reject

On a RedHat 9.0 box, you need to add something different to
/etc/sysconfig/network-scripts/route-eth0 instead:

        unreachable scope host

Alternatively, you can always add the aforementioned route lines to your
/etc/rc.local or other init script.

- Ian C. Blenke <>
(This message bound by the following:

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:02:57 EDT