Ran into an interesting issue at work today and wanted to document it. We had a rogue process in one of our applications that was trying to send e-mails via one of our mail gateways at an alarming rate. There was no customer impact, since the mail server was rejecting all the connections, but the high number of connection attempts was putting a strain on our firewalls.
If this were Linux, we would have done something simple like adding a route that points all traffic destined for the mail server to /dev/null by running “route add IP_ADDRESS_OF_MAIL_SERVER MASK /dev/null”.
A search on Google showed that you can achieve a similar result with “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 127.0.0.1”, 127.0.0.1 being the IP address of the loopback interface. But when we ran the command, we got the error “incorrect gateway 127.0.0.1”. So there is NO way to route traffic in Microsoft Windows to a null device.
Finally, we figured out a roundabout way to achieve this. Since the main aim was to reduce the load on the firewall, we identified an unused IP in the same network as the application server and added a static route to point all traffic going to the mail server at this IP. We ran the following command: “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 UN_USED_IP_ADDRESS”.
For example, if your application server is in the range 192.168.1.0/24, the mail server is 192.168.2.20, and an unused IP in the application server's range is 192.168.1.10, the command would look like this: “route ADD 192.168.2.20 MASK 255.255.255.255 192.168.1.10”. You will see a lot of connections in SYN_SENT state in the network connection list, since the application is trying to reach the mail server via a next-hop IP address that doesn't exist, so its SYNs never get answered.
Might not be the smartest way to achieve this, but it did the trick.
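To make the stopgap above reproducible on a current Windows build, here is an added PowerShell version (not from the original post) that installs the same /32 sinkhole route, confirms the stack now resolves the target through the unused address, and lists the sockets stuck in SYN_SENT together with the process that owns them, which is what you need to find the runaway process. The interface alias 'Ethernet' and the addresses 192.168.2.20 / 192.168.1.10 are assumptions matching the example in the post; run it from an elevated shell.

```powershell
# Added example: sinkhole outbound traffic to one host with a /32 route whose
# next hop is an unused address on the local subnet, then verify the effect.
# Assumed values (not from the post): adapter alias 'Ethernet', mail server
# 192.168.2.20, unused local address 192.168.1.10. Requires an elevated shell.
param(
    [string]$Target = '192.168.2.20',   # host the runaway process keeps hitting
    [string]$Sink   = '192.168.1.10',   # unused IP on the app server's subnet
    [string]$Iface  = 'Ethernet'        # adapter that owns the sink's subnet
)

function Add-SinkholeRoute {
    param([string]$Dest, [string]$NextHop, [string]$Alias)
    # Same effect as: route ADD $Dest MASK 255.255.255.255 $NextHop
    New-NetRoute -DestinationPrefix "$Dest/32" -InterfaceAlias $Alias `
                 -NextHop $NextHop -RouteMetric 1 | Out-Null
}

function Test-SinkholeRoute {
    param([string]$Dest, [string]$NextHop)
    # Find-NetRoute returns the source address and the route the stack would
    # use for $Dest; only the route object carries a NextHop property.
    $chosen = Find-NetRoute -RemoteIPAddress $Dest |
              Where-Object { $_.PSObject.Properties['NextHop'] }
    return ($chosen.NextHop -eq $NextHop)
}

function Get-StuckConnections {
    param([string]$Dest)
    # SYN_SENT is the expected symptom: the SYNs go to a next hop that never
    # answers ARP, so they are dropped and the handshake never completes.
    Get-NetTCPConnection -RemoteAddress $Dest -State SynSent -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, RemotePort, OwningProcess
}

Add-SinkholeRoute -Dest $Target -NextHop $Sink -Alias $Iface
if (-not (Test-SinkholeRoute -Dest $Target -NextHop $Sink)) {
    throw "Route to $Target does not resolve via $Sink; check the adapter and subnet."
}
$stuck = @(Get-StuckConnections -Dest $Target)
"{0} connection(s) to {1} stuck in SYN_SENT" -f $stuck.Count, $Target
$stuck | Group-Object OwningProcess | ForEach-Object {
    "PID {0}: {1} half-open socket(s)" -f $_.Name, $_.Count
}
# Undo once the process is fixed:
# Remove-NetRoute -DestinationPrefix "$Target/32" -Confirm:$false
```

The route only takes effect if the sink address is on-link for the chosen adapter, which is why the script checks Find-NetRoute before trusting it.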
Sometimes “smart” gets trumped by “urgency”. I enjoyed reading your post.
flash
Thank you for posting this. Good content. I bookmarked your blog. Thanks again.
Good article.
What I wanted to achieve was actually to block an incoming IP from an external source, and I didn't want to do it via firewall rules for various reasons.
I didn't actually get it to work exactly the way you described it. If I used an unused IP address, the server actually still would route traffic to the target.
So, here's what I did instead. I used the local machine's IP address instead, i.e.
if the server had local IP address 192.168.0.2 and the default GW was 192.168.0.1, I just used route add [unwanted IP address] 192.168.0.2
instead of having it use 192.168.0.1 as default. Of course the IP address one would point it to can't have routing enabled..
but still, you did point me in the right direction.
Oh, the system was a 2008 server, so there might be a difference between Windows releases also.
Cheers /
Juha Jurvanen
CTO Red Cloud IT
Juha – Thx for sharing your experience.
– V
Windows doesn't permit forwarding packets to 127.0.0.1, but you can add/create a loopback device in the system, assign a stupid IP address to it and create any route to forward packets to it. So, you should open Control Panel / Add Hardware / select “add a new hardware” / select “install the hardware manually” / select “network adapters” / select Microsoft – Microsoft Loopback Adapter. After that you will see a new network adapter in Network Connections. In its properties you had better disable all options besides TCP/IP – IP address, which you may assign as 1.0.0.1 255.255.255.252, for example (and no gateway, of course). Now you may ban Google DNS like that:
route -p add 8.8.8.8 mask 255.255.255.255 1.0.0.1
better to see once than hear ten times 🙂
http://www.youtube.com/watch?v=uIKOQHbMXOo
loopback returns packets back where they came from, so they die in the system
Thx for sharing this Alexey.
Oops! With the MS Loopback I bumped into an issue today. On Windows 2000 Server it was revealed that you must not disable the “File and Printer Sharing for MS Networks” option for this adapter on an Active Directory Domain Controller, otherwise you will not be able to configure Group Policy Objects on this server. There is a hint from Microsoft about it: http://support.microsoft.com/kb/257435/en-us