Ran into an interesting issue at work today and wanted to document it. We had a rouge process in one of our applicatoins and it was trying to send e-mails via one of our mail gateways at an alarming rate..There was no customer impact, since the mail server was rejecting all the connections. But the high number of connections were causing a strain on our firewalls..
If this was Linux, we would have done something simple like adding a route to point all the traffic destined to mail server to /dev/null by running “route add IP_ADDRESS_OF_MAIL_SERVER MASK /dev/null
”
A search on Google showed that you can achieve similar results by doing the following “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 127.0.0.1
“. 127.0.0.1 being the IP address of the loopback interface in this case. But when we ran the command, we got an error “incorrect gateway 127.0.0.1”.. So there is NO way to route traffic in Microsoft Windows to a null device..
Finaly, we figured out a round about way to achieve this.. Since the main aim was to reduce the load on the firewall, we identifid an un used IP in the same network as the application server and added a static route to point all traffic going to the mail server to this IP. We ran the following command “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 UN_USED_IP_ADDRESS
”
For example, if you application server is in the range 192.168.1.0/24, the mail server is 192.168.2.20.. and an unused IP in the application server range is 192.168.1.10.. the command would look like this “route ADD 192.168.2.20 MASK 255.255.255.255 192.168.1.10
“.. You will see a lot of SYN_SENT status in the network connections, since the application is trying to connect t othe mail server via an IP address that doesn’t exist..
Might not be the smartest way to achive this.. but it did the trick.