Black hole filtering

Black hole filtering is a technique, typically used by service providers, for discarding traffic without applying access lists.

The technique is very useful for mitigating many types of DoS attacks. The idea behind black hole filtering is simple: define the traffic you want to discard by its destination and configure a static route for that destination pointing to the Null0 interface.

The following rules summarize the technique:

  • Identify the suspect traffic by its destination.
  • Configure a static route pointing this destination to Null0.
  • Black hole filtering is based on the destination address of the packet.
  • Packets directed to the Null interface are simply discarded.
  • Static routes to the Null0 interface follow the same rules as normal static routes (redistribution, AD, etc.).

Example:

!-- Packets destined to 192.168.1.1 are discarded
ip route 192.168.1.1 255.255.255.255 Null0

!-- Disable ICMP unreachable messages for packets discarded on Null0
interface Null0
 no ip unreachables
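
The rules above can be checked with a small route-lookup model. This Python sketch is an added example, not part of the original post or any router's code; the `RoutingTable` class, the next hops 10.0.0.2 and 10.0.0.3, the 192.168.2.0/24 prefix and the AD values are constructed for illustration. It shows that the /32 Null0 route wins by longest prefix match, that the source address plays no part in the decision, and that a Null0 static with a worse AD is not installed.

```python
import ipaddress

NULL0 = "Null0"

class RoutingTable:
    """Toy RIB: best route per prefix by administrative distance (AD),
    lookup by longest prefix match on the destination address only."""

    def __init__(self):
        self.routes = {}  # network -> (admin_distance, next_hop)

    def add(self, prefix, next_hop, admin_distance=1):
        net = ipaddress.ip_network(prefix)
        current = self.routes.get(net)
        # Same prefix offered twice: the lower AD is installed,
        # whether or not the next hop is Null0.
        if current is None or admin_distance < current[0]:
            self.routes[net] = (admin_distance, next_hop)

    def lookup(self, destination):
        dst = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if dst in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return self.routes[best][1]

    def forward(self, source, destination):
        # 'source' is accepted but never consulted: the filter is
        # purely destination-based.
        next_hop = self.lookup(destination)
        if next_hop is None:
            return "drop (no route)"
        if next_hop == NULL0:
            return "drop (Null0)"
        return f"forward via {next_hop}"

def build_demo_table():
    rib = RoutingTable()
    rib.add("192.168.1.0/24", "10.0.0.2", admin_distance=110)  # constructed covering route
    rib.add("192.168.1.1/32", NULL0)                           # the post's black hole route
    rib.add("192.168.2.0/24", "10.0.0.3", admin_distance=110)  # constructed
    rib.add("192.168.2.0/24", NULL0, admin_distance=250)       # worse AD, not installed
    return rib

if __name__ == "__main__":
    rib = build_demo_table()
    for src, dst in [("203.0.113.5", "192.168.1.1"), ("192.168.1.50", "192.168.1.1"),
                     ("203.0.113.5", "192.168.1.2"), ("203.0.113.5", "192.168.2.9")]:
        print(f"{src} -> {dst}: {rib.forward(src, dst)}")
```

Every packet addressed to 192.168.1.1 is discarded regardless of who sent it, so legitimate traffic to that host is dropped along with the attack traffic.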
