Black hole (networking)

In networking, black holes refer to places in the network where incoming or outgoing traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.

When examining the topology of the network, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.

The most common form of black hole is simply an IP address that specifies a host machine that is not running or an address to which no host has been assigned.

Even though provides a means of communicating the delivery failure back to the sender via , traffic destined for such addresses is often just dropped.

Note that a dead address will be undetectable only to protocols that are both connectionless and unreliable (e.g., ). Connection-oriented or reliable protocols (TCP, ) will either fail to connect to a dead address or will fail to receive expected acknowledgements.

Most firewalls (and routers for household use) can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network.

Personal firewalls that do not respond to echo requests ("ping") have been designated by some vendors as being in "stealth mode".

Despite this, in most networks the IP addresses of hosts with firewalls configured in this way are easily distinguished from invalid or otherwise unreachable IP addresses: On encountering the latter, a router will generally respond with an ICMP network rsp. host unreachable error. NAT, as used in home and office routers, is generally a more effective way of obscuring the layout of an internal network.

Black hole filtering refers specifically to dropping packets at the routing level, usually using a to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attacks.

...
Wikipedia