Black hole (networking)
In networking, black holes refer to places in the network where incoming or outgoing traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its intended recipient.
When examining the topology of the network, the black holes themselves are invisible, and can only be detected by monitoring the lost traffic; hence the name.
The most common form of black hole is simply an IP address that specifies a host machine that is not running or an address to which no host has been assigned.
Note that a dead address will be undetectable only to protocols that are both connectionless and unreliable (e.g., UDP). Connection-oriented or reliable protocols (TCP, RUDP) will either fail to connect to a dead address or will fail to receive expected acknowledgements.
Firewalls and "stealth" ports
Most firewalls can be configured to silently discard packets addressed to forbidden hosts or ports, resulting in small or large "black holes" in the network. Personal firewalls that do not respond to ICMP echo requests ("ping") have been designated by some vendors as being in "stealth mode". Despite this, in most networks the IP addresses of hosts with firewalls configured in this way are easily distinguished from invalid or otherwise unreachable IP addresses: on encountering the latter, a router will generally respond with an ICMP network unreachable or host unreachable error, whereas a silently dropping firewall returns nothing at all. NAT, as used in home and office routers, is generally a more effective way of obscuring the layout of an internal network.
Black hole filtering
Black hole filtering refers specifically to dropping packets at the routing level, usually using a routing protocol to implement the filtering on several routers at once, often dynamically to respond quickly to distributed denial-of-service attacks.
A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses published through the Internet Domain Name System (DNS), either as a zone file that can be used by DNS server software or as a live DNS zone that can be queried in real time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages that have been sent from a site listed on one or more such lists. The term "Blackhole List" is sometimes used interchangeably with the terms "blacklist" and "blocklist".
A DNSBL is a software mechanism, rather than a specific list or policy. There are dozens of DNSBLs in existence, which use a wide array of criteria for listing and delisting of addresses. These may include listing the addresses of zombie computers or other machines being used to send spam, listing the addresses of ISPs who willingly host spammers, or listing addresses which have sent spam to a honeypot system.
Since the creation of the first DNSBL in 1997, the operation and policies of these lists have been frequently controversial, both in Internet advocacy and occasionally in lawsuits. Many email systems operators and users consider DNSBLs a valuable tool to share information about sources of spam, but others including some prominent Internet activists have objected to them as a form of censorship. In addition, a small number of DNSBL operators have been the target of lawsuits filed by spammers seeking to have the lists shut down altogether.
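The lookup mechanism described above, as an added example that is not part of the original article: the client reverses the IPv4 octets, appends the list's zone name, and treats an A record in 127.0.0.0/8 as a listing. The zone name and the answer codes are constructed placeholders, and a small in-memory dictionary stands in for the live DNS zone; the sanity check follows the RFC 5782 convention that a working list must list 127.0.0.2 and must not list 127.0.0.1, so a dead list that answers for everything is ignored rather than rejecting all mail.

```python
import ipaddress

# Placeholder zone name for illustration, not a real DNSBL.
DNSBL_ZONE = "dnsbl.example.invalid"

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the name to look up: IPv4 octets reversed, then the list's zone.
    The reversal follows the same convention as in-addr.arpa reverse DNS."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

# Constructed stand-in for a live DNS zone: maps query names to the A records
# a list would answer with. Real lists encode a listing reason in the last
# octet of a 127.0.0.0/8 answer; the codes here are illustrative only.
FAKE_ZONE = {
    dnsbl_query_name("127.0.0.2"): ["127.0.0.2"],            # RFC 5782 test entry
    dnsbl_query_name("192.0.2.10"): ["127.0.0.2", "127.0.0.4"],  # constructed listing
}

def lookup(name: str) -> list[str]:
    """Resolver stand-in: A records for the name, or [] for NXDOMAIN."""
    return FAKE_ZONE.get(name, [])

def is_listed(ip: str, zone: str = DNSBL_ZONE, resolve=lookup) -> list[str]:
    """Return the 127.0.0.0/8 answers for the reversed-IP name, or [] if unlisted.
    Answers outside 127.0.0.0/8 are ignored: they indicate a broken or
    wildcarded zone, not a listing."""
    answers = resolve(dnsbl_query_name(ip, zone))
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    return [a for a in answers if ipaddress.IPv4Address(a) in loopback]

def zone_is_sane(zone: str = DNSBL_ZONE, resolve=lookup) -> bool:
    """RFC 5782 check before trusting a list: 127.0.0.2 must be listed and
    127.0.0.1 must not. A list that answers for everything (or nothing) fails."""
    return bool(is_listed("127.0.0.2", zone, resolve)) and \
        not is_listed("127.0.0.1", zone, resolve)

def mail_decision(ip: str, zone: str = DNSBL_ZONE, resolve=lookup) -> str:
    """Accept or reject a connecting client based on the list; fail open if
    the list itself fails the sanity check, so a dead list cannot block all mail."""
    if not zone_is_sane(zone, resolve):
        return "accept"
    return "reject" if is_listed(ip, zone, resolve) else "accept"
```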
PMTUD black holes
Black hole e-mail addresses
A black hole e-mail address is an e-mail address which is valid (messages sent to it will not generate errors), but to which all messages sent are automatically deleted, and never stored or seen by humans. These addresses are often used as return addresses for automated e-mails.
Sometimes black hole e-mail addresses are operated maliciously in order to phish for data or to harvest e-mail addresses for later spamming. This is similar to typosquatting: a typosquatted domain may be used to catch e-mails intended for a reputable company, which may contain personal data as well as providing spammers with a known-valid e-mail address. Alternatively, the black hole e-mail address might be posted online, usually by promoting something that must be requested by e-mail; the requested item, service or information is never actually given to the sender, and instead their e-mail address is again used for spamming or phishing.