Wednesday, September 21, 2011

Blocking IPs with a blackhole route

A null route or blackhole route is a routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.

Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address such as 0.0.0.0, or the loopback address.

Null routing has an advantage over classical firewalls since it is available on every potential network router, and adds virtually no performance impact. Due to the nature of high-bandwidth routers, null routing can often sustain higher throughput than conventional firewalls. For this reason, null routes are often used on high-performance core routers to mitigate large-scale denial-of-service attacks before the packets reach a bottleneck, thus avoiding collateral damage from DDoS attacks — although the target of the attack will be inaccessible to anyone. Blackhole filtering can also be abused by malicious attackers on compromised routers to filter out traffic destined to a certain address.
Nullrouting with iproute2 on Linux:
    $ ip route add blackhole 192.168.32.128/32

Nullrouting with 'route' on Solaris and BSD:
    $ route add -host 10.10.0.1 127.0.0.1 -blackhole
    $ route add -net 10.10.64.0/18 127.0.0.1 -blackhole

Creating a discard route on Juniper Networks' Junos:
    set routing-options static route 192.168.0.0/16 discard

Routing to the Null0 interface on Cisco IOS:
    ip route 192.168.0.0 255.255.0.0 Null0
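Since blackhole routes can also be planted on a compromised router, a defender wants a way to check which ones are present. The following is an added example, not part of the original post: a POSIX shell audit that reads `ip route show` output on Linux and reports any blackhole destination not on an expected list. The sample routing-table text and the expected list are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a Linux routing table for blackhole (null) routes.
# Works on the text of `ip route show`; iproute2 prints a /32 host route
# without its prefix length, so /32 is stripped before comparing.

# Constructed sample of `ip route show` output (not captured from a real host).
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
blackhole 192.168.32.128
blackhole 203.0.113.0/24
unreachable 198.51.100.7'

# Drop a trailing /32 so "192.168.32.128/32" and "192.168.32.128" match.
strip_host_prefix() {
    printf '%s' "$1" | sed 's#/32$##'
}

# Print the destination of every blackhole route, one per line.
list_blackholes() {
    printf '%s\n' "$1" | awk '$1 == "blackhole" { print $2 }'
}

# Print blackhole destinations that are not in the expected list
# ($2: whitespace-separated prefixes the operator knows about).
unexpected_blackholes() {
    routes="$1"; expected="$2"
    list_blackholes "$routes" | while IFS= read -r dst; do
        found=0
        for e in $expected; do
            [ "$(strip_host_prefix "$e")" = "$dst" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$dst"
    done
}

# Demo on the constructed table: only 192.168.32.128/32 is expected,
# so 203.0.113.0/24 is reported. On a live host replace the first
# argument with "$(ip route show)".
unexpected_blackholes "$SAMPLE_ROUTES" "192.168.32.128/32"
```

IPv6 blackhole routes live in a separate table; run the same check over `ip -6 route show` to cover them.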
