Black hole (networking)
Encyclopedia
In networking, black holes refer to places in the network where incoming traffic
is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.
When examining the topology of the network
, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.
that specifies a host machine that is not running or an address to which no host has been assigned.
Even though TCP/IP
provides means of communicating the delivery failure back to the sender via ICMP
, traffic destined for such addresses is often just dropped.
to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attack
s.
to work correctly. This causes TCP connections from/to hosts with a lower MTU
to hang.
is an e-mail address which is valid (messages sent to it will not generate errors), but to which all messages sent are automatically deleted, and never stored or seen by humans. These addresses are often used as return addresses for automated e-mails.
Internet traffic
-Historical Internet Traffic Growth:Because of the distributed nature of the Internet, there is no single point of measurement for total Internet traffic...
is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.
When examining the topology of the network
Network topology
Network topology is the layout pattern of interconnections of the various elements of a computer or biological network....
, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.
Dead addresses
The most common form of black hole is simply an IP addressIP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
that specifies a host machine that is not running or an address to which no host has been assigned.
Even though TCP/IP
Internet protocol suite
The Internet protocol suite is the set of communications protocols used for the Internet and other similar networks. It is commonly known as TCP/IP from its most important protocols: Transmission Control Protocol and Internet Protocol , which were the first networking protocols defined in this...
provides means of communicating the delivery failure back to the sender via ICMP
Internet Control Message Protocol
The Internet Control Message Protocol is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be...
, traffic destined for such addresses is often just dropped.
Firewalls and "stealth" ports
Most firewalls can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network.Black hole filtering
Black hole filtering refers specifically to dropping packets at the routing level, usually using a routing protocolRouting protocol
A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a priori knowledge only of...
to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attack
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
s.
PMTUD black holes
Some firewalls incorrectly discard all ICMP packets, including the ones needed for Path MTU discoveryPath MTU discovery
Path MTU Discovery is a standardized technique in computer networking for determining the maximum transmission unit size on the network path between two Internet Protocol hosts, usually with the goal of avoiding IP fragmentation...
to work correctly. This causes TCP connections from/to hosts with a lower MTU
Maximum transmission unit
In computer networking, the maximum transmission unit of a communications protocol of a layer is the size of the largest protocol data unit that the layer can pass onwards. MTU parameters usually appear in association with a communications interface...
to hang.
Black hole e-mail addresses
A black hole e-mail addressE-mail address
An email address identifies an email box to which email messages are delivered. An example format of an email address is lewis@example.net which is read as lewis at example dot net...
is an e-mail address which is valid (messages sent to it will not generate errors), but to which all messages sent are automatically deleted, and never stored or seen by humans. These addresses are often used as return addresses for automated e-mails.
See also
- Null route
- Internet background noiseInternet background noiseInternet background noise consists of data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them. These noise packets normally contain unsolicited commercial or network control messages, or are the result of port scans and...
- Packet drop attackPacket drop attackIn computer networking, a packet drop attack or blackhole attack is a type of denial-of-service attack in which a router supposed to relay packets discards them instead. This usually occurs from a router becoming compromised from a number of different causes. One cause mentioned in research is...
- DDoS