Saturday, 14 October 2017

What is a Blackhole Network

--> Blackhole routes are a special type of static route used to drop all the traffic sent to them.

--> A black hole route is used to forward unwanted or undesirable traffic into a black hole.

--> Blackhole routes are also called Null0 routes.

--> Null routes are mainly used to mitigate DoS attacks, but there are some other uses.

--> Any time you want to prevent a system from talking to another system, you can simply use null routes.

--> Any traffic whose destination address has the black hole static route as its best match is automatically dropped.

--> This security solution should be used only for known destination addresses that you never want your router to forward traffic to.

Blackhole route or Null0 Configuration


Router(config)# ip route destination_network_# [subnet_mask] null0

--> When using the null0 interface for black hole routing, you will want to prevent your router from sending ICMP unreachable messages to the sender of the packet, like this:

Router(config)# interface null0

Router(config-if)# no ip unreachables


--> If you do not do this, a hacker can take advantage of this loophole in your configuration to create a DoS attack by flooding your router with packets destined for black-holed addresses, causing your router to generate an ICMP unreachable message for each packet that it drops.


--> Hackers like to use this type of DoS attack because many administrators forget to disable ICMP unreachables and inadvertently generate just as much traffic back to the source (which is typically a spoofed address), creating a second DoS attack. By preventing the generation of ICMP unreachable messages, your router silently drops the packets.
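--> The best-match rule and the effect of "no ip unreachables" can be checked with a small model. This is an added example, not part of the original post: the Router class, the interface names and the documentation prefixes (198.51.100.0/24) are constructed for illustration, and the model is simplified (it does not model any ICMP rate limiting the router may apply).

```python
import ipaddress

class Router:
    """Toy model of a static routing table with a Null0 interface."""

    def __init__(self, null0_unreachables=True):
        # True models the default; False models "no ip unreachables" on Null0.
        self.null0_unreachables = null0_unreachables
        self.routes = []  # list of (network, outgoing interface)

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, dst):
        """Return the interface of the longest-prefix (best) match, or None."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, ifc) for net, ifc in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def forward(self, dst):
        """Return (action, icmp_unreachable_sent) for one packet."""
        ifc = self.lookup(dst)
        if ifc is None:
            return ("no-route", False)  # ICMP for this case is outside the model
        if ifc.lower() == "null0":
            return ("drop-null0", self.null0_unreachables)
        return ("forward:" + ifc, False)

def build(null0_unreachables):
    """Constructed table: default route, a /24 black hole, a more specific /25."""
    r = Router(null0_unreachables)
    r.add_route("0.0.0.0/0", "Serial0")
    r.add_route("198.51.100.0/24", "Null0")
    # Caveat: a more specific route wins over the black hole for its range.
    r.add_route("198.51.100.128/25", "Ethernet0")
    return r

def icmp_replies(router, destinations):
    """Count the ICMP unreachables the router would send back."""
    return sum(1 for d in destinations if router.forward(d)[1])

# Constructed flood: 100 packets to black-holed addresses (lower /25 only).
FLOOD = ["198.51.100.%d" % i for i in range(1, 101)]

if __name__ == "__main__":
    print("default Null0:      ", icmp_replies(build(True), FLOOD), "ICMP replies")
    print("no ip unreachables: ", icmp_replies(build(False), FLOOD), "ICMP replies")
```

When auditing a real router, the same two questions apply: does any more specific route override the black hole, and is "no ip unreachables" present under "interface null0".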

--> A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses published through the Internet Domain Name System (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time.

--> DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages that have been sent from a site listed on one or more such lists. The term "Blackhole List" is sometimes used interchangeably with the terms "blacklist" and "blocklist".
