Re: Alternic takes over Internic traffic

[Paul A Vixie <vixie () vix com>]

>  If you have a smaller network and still want the ability to do this 
> (e.g. singly-homed site) just route the networks concerned to 
> nowhere on your gateway router
>
> ip route a.b.c.d w.x.y.z Null0
>
> route add net a.b.c.d <local or null IP address> 1

Make sure that this is causing ICMP-Unreach-Host messages to be sent back
to your internal hosts who try to reach that net, and also make sure that
your mail server's TCP stack torpedoes its connection state (or even just
increments its retry timer and resends) when a SYN-ACK meets that ICMP.

Not all Cisco IOS revision levels behave the right way, and not all SunOS
kernels do the right thing when a SYN-ACK meets an ICMP-Unreach-Host.  So
you can, if you're not careful, turn the above recommendation into a SYN
flood attack against your own internal servers.