On Tue, 15 Jul 1997 at around 17:17:58,
"DH" == Dorn Hetzel penned:
> Since we run OSPF internally, we find it easier to do this by
> setting up a 2501 (dedicated to the task) with static routes
> pointing into a loopback interface which is filtered with an
> access list to block all packets. The static routes are
> redistributed into OSPF, which caused each static to suck
> packets bound from anywhere in our network into the filter,
> kill them, and log them. Of course, there is no risk of the
> OSPF leaking to the outside world, though it covers our network
> nicely, and we get logging of attempted replies to these
> sites. Since OSPF is nicely classless, we block anythink from
> a /32 up...
If you have a smaller network and still want the ability to do this
(e.g. singly-homed site) just route the networks concerned to
nowhere on your gateway router
ip route a.b.c.d w.x.y.z Null0
route add net a.b.c.d <local or null IP address> 1
This won't stop the DNS hack from polluting your servers (u/g the
software 
but I don't think my Linux box needs to contact DNS
pirates ;-}
> -Dorn Hetzel
> Epoch Internet
Cheers,
Lyndon