
Black hole filtering

Black hole filtering is a technique, commonly used by service providers, for discarding traffic without applying access lists.

The technique is very useful for mitigating many types of DoS attacks. The idea behind black hole filtering is very simple: define the traffic you want to discard and configure a static route for it pointing to the Null0 interface.

The following rules summarize the technique:

  • Identify the suspect traffic by its destination address.
  • Configure a static route pointing that destination to Null0.
  • Black hole filtering is based only on the destination address of the packet; the source is not considered.
  • Packets routed to the Null interface are simply discarded.
  • Static routes to the Null0 interface follow the same rules as normal static routes (redistribution, administrative distance, etc.).

Example:

!-- Packets destined to 192.168.1.1 are discarded (a /32 host route wins the longest-prefix match)
ip route 192.168.1.1 255.255.255.255 null0

!-- Disable ICMP unreachables on Null0 so the router does not answer every discarded packet
interface null0
no ip unreachables
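To illustrate what the router does with such a route, here is an added Python simulation of a forwarding table using longest-prefix match; it is not part of the original post, and the prefixes, next hops and packet list are constructed for the illustration. It shows that the /32 Null0 route overrides the covering /24, that the decision depends only on the destination, and therefore that all traffic to the black-holed address is dropped, including traffic from legitimate sources, while the same attacking source can still reach other hosts.

```python
import ipaddress

# Constructed forwarding table (prefix, next hop); "Null0" means discard.
FIB = [
    ("0.0.0.0/0", "10.0.0.1"),        # default route towards the upstream
    ("192.168.1.0/24", "10.0.1.1"),   # customer network
    ("192.168.1.1/32", "Null0"),      # black-hole route for the targeted host
]


def lookup(dst, fib=FIB):
    """Longest-prefix match on the destination address, as a router's FIB does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward(packets, fib=FIB):
    """Split (src, dst) packets into forwarded and discarded lists.

    Only the destination is consulted: the source address plays no role,
    which is why black hole filtering cannot distinguish attacker traffic
    from legitimate traffic aimed at the same victim address.
    """
    forwarded, discarded = [], []
    for src, dst in packets:
        next_hop = lookup(dst, fib)
        entry = (src, dst, next_hop)
        (discarded if next_hop == "Null0" else forwarded).append(entry)
    return forwarded, discarded


if __name__ == "__main__":
    # Constructed sample: an attacker (203.0.113.5) and a legitimate client (198.51.100.9).
    sample = [
        ("203.0.113.5", "192.168.1.1"),   # attack traffic to the victim: dropped
        ("198.51.100.9", "192.168.1.1"),  # legitimate traffic to the victim: also dropped
        ("203.0.113.5", "192.168.1.2"),   # same attacker, other host: still forwarded
    ]
    fwd, drop = forward(sample)
    print("forwarded:", fwd)
    print("discarded:", drop)
```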
