In networking, black holes refer to places in the network where incoming traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.

When examining the topology of the network, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.

Dead addresses

The most common form of black hole is simply an IP address that specifies a host machine that isn't running or an address to which no host has been assigned.

Even though TCP/IP provides means of communicating the delivery failure back to the sender via ICMP, traffic destined for such addresses is often just dropped.

Firewalls and "stealth" ports

Most firewalls can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network.

Black hole filtering

Black hole filtering refers specifically to dropping packets at the routing level, usually using a routing protocol to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attacks.

PMTUD black holes

Some firewalls incorrectly discard all ICMP packets, including the ones needed for Path MTU discovery to work correctly. This causes TCP connections from/to hosts with a lower MTU to hang.

See also

• /dev/null
• Internet background noise
• Packet drop attack

External links

• Remotely triggered black hole filtering (Cisco Systems)
• University of Washington blackhole monitor/lookup system

de:Black Hole Router