Dumb question for 97/07/16

Larry Vaden (vaden@texoma.net)
Wed, 16 Jul 1997 23:27:23 -0500

How does one implement ICMP-Unreachable-Host messages in a Portmaster 2|3
running >= ComOS 3.5 for currently unassigned addresses in the assigned IP
pool?

Example:

mail# ping -c1 ppp113-250.texoma.net
PING ppp113-250.texoma.net (206.65.113.250): 56 data bytes

--- ppp113-250.texoma.net ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

The question comes from reading the NANOG article below.

Thanks,

Larry

---30---

Posted-Date: Wed, 16 Jul 1997 16:58:32 -0500 (CDT)
To: nanog@merit.edu
Subject: Re: Alternic takes over Internic traffic
Date: Wed, 16 Jul 1997 14:18:52 -0700
From: Paul A Vixie <vixie@vix.com>
Sender: owner-nanog@merit.edu

> If you have a smaller network and still want the ability to do this
> (e.g. singly-homed site) just route the networks concerned to
> nowhere on your gateway router
>
> ip route a.b.c.d w.x.y.z Null0
>
> route add net a.b.c.d <local or null IP address> 1

Make sure that this is causing ICMP-Unreach-Host messages to be sent back
to your internal hosts who try to reach that net, and also make sure that
your mail server's TCP stack torpedoes its connection state (or even just
increments its retry timer and resends) when a SYN-ACK meets that ICMP.

Not all Cisco IOS revision levels behave the right way, and not all SunOS
kernels do the right thing when a SYN-ACK meets an ICMP-Unreach-Host. So
you can, if you're not careful, turn the above recommendation into a SYN
flood attack against your own internal servers.
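What Vixie is asking the mail server's TCP stack to do can be made concrete. The following is an added example written for this page; it is not code from either poster, nor Portmaster/ComOS or Cisco code. It builds, entirely in memory, the ICMP Host Unreachable message a gateway would send back when a SYN to the null-routed 206.65.113.250 hits the black hole, then shows the processing a host TCP stack has to do with it: validate the checksums, pull the quoted 4-tuple and sequence number out of the ICMP payload, match it against the table of pending connections, and decide whether to tear down the half-open connection (the "torpedo" case), treat it as a soft error, or ignore it. The mail server address 206.65.113.10, the gateway address 206.65.113.1, the ports and the sequence number are all constructed for the demo; the sequence-number check is the one RFC 5927 recommends so that forged ICMP cannot abort connections blindly.

```python
"""Parse an ICMP Destination Unreachable message and apply it to a table of
pending TCP connections, as a host TCP stack must (RFC 792 / RFC 1122 / RFC 5927).
Every packet below is constructed in this file; no sockets are opened."""
import socket
import struct

ICMP_DEST_UNREACH = 3
ICMP_CODE_HOST_UNREACH = 1
# RFC 1122 4.2.3.9: codes 2, 3, 4 are "hard" errors; codes 0, 1, 5 are "soft" errors.
HARD_CODES = {2, 3, 4}


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071). Returns 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields)


def icmp_unreachable(router: str, host: str, code: int, offending: bytes) -> bytes:
    """ICMP type 3 as a gateway emits it: quotes the offending IP header plus the
    first 8 bytes of its payload (enough to carry the TCP ports and sequence number)."""
    quoted = offending[:(offending[0] & 0xF) * 4 + 8]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(router, host, socket.IPPROTO_ICMP, len(body)) + body


def parse_unreachable(packet: bytes) -> dict:
    """Validate the outer IP and ICMP checksums and extract the quoted TCP 4-tuple
    and sequence number. Raises ValueError for anything else."""
    ihl = (packet[0] & 0xF) * 4
    if packet[0] >> 4 != 4 or checksum(packet[:ihl]) != 0 or packet[9] != socket.IPPROTO_ICMP:
        raise ValueError("not a valid IPv4/ICMP packet")
    icmp = packet[ihl:]
    if icmp[0] != ICMP_DEST_UNREACH or checksum(icmp) != 0:
        raise ValueError("not a Destination Unreachable with a valid checksum")
    quoted = icmp[8:]
    q_ihl = (quoted[0] & 0xF) * 4
    if len(quoted) < q_ihl + 8 or quoted[9] != socket.IPPROTO_TCP:
        raise ValueError("quoted datagram is not TCP or is truncated")
    sport, dport, seq = struct.unpack("!HHI", quoted[q_ihl:q_ihl + 8])
    return {"from": socket.inet_ntoa(packet[12:16]), "code": icmp[1],
            "src": socket.inet_ntoa(quoted[12:16]), "dst": socket.inet_ntoa(quoted[16:20]),
            "sport": sport, "dport": dport, "seq": seq}


def apply_to_tcb_table(pending: dict, packet: bytes) -> tuple:
    """Decide what the stack does with this ICMP: ('abort' | 'soft_error' | 'ignore', key).
    pending maps (src, sport, dst, dport) -> {'state', 'snd_una', 'snd_nxt'}."""
    info = parse_unreachable(packet)
    key = (info["src"], info["sport"], info["dst"], info["dport"])
    tcb = pending.get(key)
    if tcb is None:
        return "ignore", key  # no matching connection: nothing to do
    # RFC 5927 4.1: the quoted sequence number must be one we actually sent, otherwise
    # a blind attacker could tear down connections with forged ICMP errors.
    if not (tcb["snd_una"] <= info["seq"] < tcb["snd_nxt"]):
        return "ignore", key
    if tcb["state"] == "SYN_SENT":
        # A SYN that drew Host Unreachable cannot succeed: drop the half-open state now
        # instead of retransmitting the SYN for minutes (what Linux and the BSDs do today).
        return "abort", key
    if info["code"] in HARD_CODES:
        return "abort", key
    return "soft_error", key  # established connection: record it, keep retransmitting


def demo() -> tuple:
    """Constructed scenario: the mail server (206.65.113.10, assumed) sends a SYN to
    206.65.113.250:25; the gateway (206.65.113.1, assumed) has that address null-routed
    and answers with ICMP Host Unreachable quoting the SYN."""
    iss = 0x5EED1234
    syn = ipv4_header("206.65.113.10", "206.65.113.250", socket.IPPROTO_TCP, 20) + \
        struct.pack("!HHIIBBHHH", 40000, 25, iss, 0, 5 << 4, 0x02, 8192, 0, 0)
    icmp = icmp_unreachable("206.65.113.1", "206.65.113.10", ICMP_CODE_HOST_UNREACH, syn)
    pending = {("206.65.113.10", 40000, "206.65.113.250", 25):
               {"state": "SYN_SENT", "snd_una": iss, "snd_nxt": iss + 1}}
    genuine = apply_to_tcb_table(pending, icmp)
    # A forged copy whose quoted sequence number we never sent must be ignored.
    forged = icmp_unreachable("206.65.113.1", "206.65.113.10", ICMP_CODE_HOST_UNREACH,
                              syn[:24] + struct.pack("!I", iss + 5000) + syn[28:])
    return genuine, apply_to_tcb_table(pending, forged)


if __name__ == "__main__":
    print(demo())
```

The failure mode in the post is the gateway never emitting the ICMP at all (silent drop on the null route): then `apply_to_tcb_table` is never called, the SYN_SENT entry sits in the table through the full SYN retransmission schedule, and a busy mail server accumulates half-open connections exactly as if it were being SYN flooded. The second half of the demo shows why the sequence-number check matters once ICMP is honoured: without it anyone who can guess the 4-tuple can abort the connection.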