Yes, sorry for the long subject line.

I just noticed that the null-route script for active response (this is
version 1.4) specifies 0.0.0.0 for the IP when the OS is FreeBSD.

This is a snippet from the script:

  if [ "X${UNAME}" = "XFreeBSD" ]; then
   route -q add ${IP} 0.0.0.0 -blackhole
   exit 0;
  fi

While this works, it also can cause the system to arp for 0.0.0.0, which in
turn can send out all kinds of fun broadcast traffic.  My suggestion would
be to use localhost instead:

  if [ "X${UNAME}" = "XFreeBSD" ]; then
   route -q add ${IP} 127.0.0.1 -blackhole
   exit 0;
  fi
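
The suggested loopback gateway, shown as an added example that is not part of the original post or the script it quotes: it only builds the command string after validating the address, since the IP handed to an active response comes from parsed log data. The names `is_ipv4`, `null_route_cmd` and `NULL_GW`, and the refusal to blackhole `0.*` and `127.*` targets, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build (do not execute) the FreeBSD null-route command.
NULL_GW="127.0.0.1"   # loopback gateway, as suggested in the post

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the route command for OS name $1 and address $2.
# Prints nothing and returns 1 if the address is malformed, is a target
# this sketch refuses to blackhole, or the OS is not FreeBSD.
null_route_cmd() {
    os=$1
    ip=$2
    is_ipv4 "$ip" || return 1
    case "$ip" in
        0.*|127.*) return 1 ;;   # assumption: never null-route these ranges
    esac
    if [ "X${os}" = "XFreeBSD" ]; then
        echo "route -q add ${ip} ${NULL_GW} -blackhole"
        return 0
    fi
    return 1   # other platforms are outside what the post covers
}

# Constructed sample address from the documentation range 203.0.113.0/24.
null_route_cmd FreeBSD 203.0.113.7
```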


