Joe,

Adding routes to different networks to block addresses is probably not the best of methods to go, however you may be interested in using ipchains/iptables depending on your kernel version.

kernel 2.4.x - iptables

    iptables -A INPUT -s <offending IP> -j DROP

kernel 2.2.x - ipchains

    ipchains -A input -s <offending IP> -j DENY

For iptables, you can do some logging and the such so you know when they are attempting to connect:

    iptables -N kiddies
    iptables -A kiddies -j LOG --log-prefix "Script Kiddie Log: " -m limit --limit 1/m
    iptables -A kiddies -j DROP
    iptables -A INPUT -s <offending ip> -j kiddies

<offending ip> in each example can represent just the IP address itself as well as a netblock via the CIDR notation. A quick example for CIDR looks like this:

    IP             NETMASK          CIDR
    192.168.2.0    255.255.255.0    192.168.2.0/24
    10.0.0.0       255.0.0.0        10.0.0.0/8
    172.16.0.0     255.255.0.0      172.16.0.0/16

CIDR basically is just the number of bits in the network mask.

Here is a brief explanation of the iptables rules represented by 'kiddies'...

    # create a new empty chain called kiddies to handle anything
    # that points to it
    iptables -N kiddies

    # the LOG target logs a bit of information about the packet;
    # -m limit --limit 1/m sets log limits to 1 per minute
    # (a nice feature to prevent flooding)
    iptables -A kiddies -j LOG --log-prefix "Script Kiddie Log: " \
        -m limit --limit 1/m

    # this tells the <offending ip> source (-s) to go to the
    # chain kiddies
    iptables -A INPUT -s <offending ip> -j kiddies

More information is available via the following links:

ipchains
    http://www.netfilter.org/ipchains/
iptables
    http://www.netfilter.org
    http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html

I hope this helps at least a little, and if not I apologize.

Thanks,
Ryan Yagatich <[EMAIL PROTECTED]>
Pantek, Incorporated
(877) LINUX-FIX - (440) 519-1802
===================================
B5 50 A7 EE 0E D1 1E 15 CA B0
60 E2 B3 0A 95 4E 23 CA 7D AC
5F C6 63 9C
===================================
A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce.
                -- Don Quinn

On Fri, 13 Sep 2002, Joseph Monti wrote:

>I've been an unfortunate target of various script-kiddies/worms and have
>configured apache to perform something like this on all incoming requests
>containing bad URIs:
>
>route -n add <evil IP> gw <bogus local host>
>
>The only concern I have is will this cause performance problems? I've got
>about 10 so far and I just put it up about 24hrs ago.
>
>Thanks,
>Joe Monti
>
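
An added example, not part of the original messages: a shell sketch of the netmask-to-CIDR conversion from the reply, plus a check that an address is well formed before it is placed in an `iptables -A INPUT -s ... -j kiddies` rule, which matters when the address comes from an automated hook like the one in the quoted message. The function names (valid_ip, mask_to_prefix, block_rule) are hypothetical and the sample addresses are constructed; the script only prints rules and assumes the kiddies chain already exists.

```sh
# Added example with hypothetical names and constructed addresses; prints rules only.

# valid_ip ADDR: succeed only for four dot-separated octets in 0-255
valid_ip() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# mask_to_prefix MASK: print prefix length; fail on malformed or non-contiguous mask
mask_to_prefix() {
    valid_ip "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    bits=0 seen_short=0
    for o in "$@"; do
        case $o in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        # after the first octet that is not 255, only 0 may follow
        if [ "$seen_short" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -ne 8 ]; then seen_short=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# block_rule ADDR [MASK]: print the INPUT rule that sends a source to 'kiddies'
block_rule() {
    valid_ip "$1" || { echo "rejected address: $1" >&2; return 1; }
    src=$1
    if [ -n "${2:-}" ]; then
        prefix=$(mask_to_prefix "$2") || { echo "rejected netmask: $2" >&2; return 1; }
        src="$1/$prefix"
    fi
    echo "iptables -A INPUT -s $src -j kiddies"
}

# Demo on constructed input, one "address [netmask]" per line
while read -r addr mask; do
    block_rule "$addr" "$mask" || true
done <<'EOF'
192.0.2.7
198.51.100.0 255.255.255.0
bogus.example
EOF
```

The third demo line is rejected on stderr and produces no rule; the first two print one rule each, the second with a /24 suffix.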