Monday, July 16, 2012

Null Routes on Windows 7

Null routes are a useful way to quickly discard packets from an unwanted address or network, especially when you’ve not got immediate or any access to the upstream/gateway router.

I had a client PC that was being hammered over a port forward from a router I had no administrative control. I logged a support request for the upstream router, but rather than wait two days to chase up the request, I added a null route to the client PC.

Typically I add a route to a non-existent IP on the network, but the upstream router was intercepting the ARP requests for the non-existent IP and forwarding on the packet.

I then tried adding a route for the host to point to the loopback address (127.0.0.1), but got a “The route addition failed: The parameter is incorrect” error. Helpful.

After trial and error I got the null route working by specifying the current default gateway address and the software loopback interface like this:

route  -p add <IP address> mask 255.255.255.2555 <gateway address> if 1

You may need to use route print to check to see that the interface number for the loopback interface is 1. If the number isn’t 1, then use that number instead of 1 above.

If you’re looking at null routing for sshd/OpenSSH/RDP, then have a look at the ServerFault entries here and here.

No comments: