Black hole (networking)
In networking, black holes refer to places in the network where incoming traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.
When examining the topology of the network, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.
Dead addresses
The most common form of black hole is simply an IP address that specifies a host machine that isn't running or an address to which no host has been assigned.
Even though TCP/IP provides means of communicating the delivery failure back to the sender via ICMP, traffic destined for such addresses is often just dropped.
Firewalls and "stealth" ports
Most firewalls can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network.
Black hole filtering
Black hole filtering refers specifically to dropping packets at the routing level, usually using a routing protocol to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attacks.
PMTUD black holes
Some firewalls incorrectly discard all ICMP packets, including the ones needed for Path MTU discovery to work correctly. This causes TCP connections from/to hosts with a lower MTU to hang.
See also
* /dev/null
* Internet background noise
* Packet drop attack
External links
* [http://www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf Remotely triggered black hole filtering (Cisco Systems)]
* [http://hubble.cs.washington.edu/ University of Washington blackhole monitor/lookup system]
Wikimedia Foundation. 2010.
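Added example, not part of the original article: a constructed model of the PMTUD black hole described under "PMTUD black holes" above, showing why ICMP-driven discovery hangs behind a firewall that drops all ICMP and how probing by loss alone still finds a working packet size. Hop names, MTU values and all function names are assumptions for illustration; the probing step goes beyond the article and is a simplified take on packetization-layer probing (RFC 4821).

```python
from dataclasses import dataclass

@dataclass
class Hop:
    name: str                 # constructed label
    mtu: int                  # MTU of the link leaving this hop
    drops_icmp: bool = False  # firewall here discards every ICMP packet

def send_df(path, size):
    """One DF packet: ("delivered", None), ("icmp", mtu) or ("lost", None)."""
    for i, hop in enumerate(path):
        if size > hop.mtu:
            # Router i emits ICMP 'fragmentation needed'; it must cross hops 0..i-1.
            if any(h.drops_icmp for h in path[:i]):
                return ("lost", None)   # error filtered: sender hears nothing
            return ("icmp", hop.mtu)
    return ("delivered", None)

def classic_pmtud(path, local_mtu, retries=5):
    """ICMP-driven discovery: returns the path MTU, or None if it hangs."""
    size = local_mtu
    for _ in range(retries):
        status, hint = send_df(path, size)
        if status == "delivered":
            return size
        if status == "icmp":
            size = hint  # shrink to the reported next-hop MTU
    return None          # every retry was lost at the same size

def probe_largest(path, low, high):
    """Largest deliverable size in [low, high], found from loss alone."""
    if send_df(path, low)[0] != "delivered":
        return None
    while low < high:
        mid = (low + high + 1) // 2
        ok = send_df(path, mid)[0] == "delivered"
        low, high = (mid, high) if ok else (low, mid - 1)
    return low

def diagnose(path, local_mtu, floor=576):
    pmtu = classic_pmtud(path, local_mtu)
    if pmtu is not None:
        return ("pmtud-works", pmtu)
    size = probe_largest(path, floor, local_mtu)
    return ("pmtud-black-hole", size) if size else ("unreachable", None)

# Constructed sample paths: a 1400-byte tunnel, with and without an ICMP-dropping firewall.
HEALTHY = [Hop("lan", 1500), Hop("tunnel", 1400), Hop("dst", 1500)]
BROKEN = [Hop("lan", 1500), Hop("fw", 1500, drops_icmp=True), Hop("tunnel", 1400), Hop("dst", 1500)]
```

`diagnose(BROKEN, 1500)` returns `("pmtud-black-hole", 1400)`: full-size packets vanish without an error, while anything up to 1400 bytes gets through.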