![]() Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address such as 0.0.0.0, or the loopback address. ![]() The Internet Exchange (IX) provider usually acquires this technology to help its members or participants to filter such attack Remote Triggered Black Hole Filtering (RTBH) is a technique that provides the ability to drop undesirable traffic before it enters a protected network. The rest of this article deals with null routing in the Internet Protocol (IP).īlack hole filtering refers specifically to dropping packets at the routing level, usually using a routing protocol to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attacks. The act of using null routes is often called blackhole filtering. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. Ī null route or black hole route is a network route ( routing table entry) that goes nowhere. Network address translation (NAT), as used in home and office routers, is generally a more effective way of obscuring the layout of an internal network. Personal firewalls that do not respond to ICMP echo requests ("ping") have been designated by some vendors as being in "stealth mode".ĭespite this, in most networks the IP addresses of hosts with firewalls configured in this way are easily distinguished from invalid or otherwise unreachable IP addresses: On encountering the latter, a router will generally respond with an ICMP network rsp. Most firewalls (and routers for household use) can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network. For example, 198.51.100.0 / 24 is reserved for use in documentation and examples by RFC 5737 while the RFC advises that the addresses in this range are not routed, this is not a requirement. Connection-oriented or reliable protocols (TCP, RUDP) will either fail to connect to a dead address or will fail to receive expected acknowledgements.įor IPv6, the black hole prefix 100:: / 64 is described by RFC 6666.įor IPv4, no black hole address is explicitly defined, however the reserved IP addresses can help achieve a similar effect. ![]() Note that a dead address will be undetectable only to protocols that are both connectionless and unreliable (e.g., UDP). ![]() The most common form of black hole is simply an IP address that specifies a host machine that is not running or an address to which no host has been assigned.Įven though TCP/IP provides a means of communicating the delivery failure back to the sender via ICMP, traffic destined for such addresses is often just dropped. When examining the topology of the network, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic hence the name as astronomical Black holes cannot be directly observed. In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |