Null Routing and Blackholing Strategies
Null routing, while a blunt instrument, can save infrastructure during overwhelming attacks. By null routing attacked IP addresses, you sacrifice individual services to protect overall infrastructure. Configure null routes with careful consideration – once implemented, affected services become completely unreachable.
Remote Triggered Black Hole (RTBH) filtering extends null routing capabilities upstream. By advertising attacked prefixes with specific BGP communities, you trigger filtering at your ISP or transit provider. This approach stops attack traffic before it reaches your network, preserving bandwidth for other services.
Selective blackholing enables granular control over which traffic to drop. Rather than blackholing entire IP addresses, configure rules to drop specific protocols, ports, or packet types. This approach minimizes collateral damage while stopping specific attack vectors. Monitor the affected traffic carefully to confirm that each selective rule achieves the desired result.
Flowspec provides standardized mechanisms for distributing traffic filtering rules via BGP. Define complex filtering rules that match on multiple packet attributes including source/destination addresses, ports, protocols, and packet lengths. Flowspec rules propagate quickly across BGP networks, enabling rapid attack mitigation.
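The multi-attribute matching described above, as an added example that is not part of the original page: a Python encoder for an IPv4 Flowspec NLRI and the discard action, following the RFC 8955 wire format. The function names and the 203.0.113.10 rule are constructed for illustration.

```python
import ipaddress
import struct

# Component type codes (RFC 8955): destination prefix, IP protocol,
# destination port, packet length.
DST_PREFIX, IP_PROTO, DST_PORT, PKT_LEN = 1, 3, 5, 10
# Low three bits of the numeric operator byte: lt=0x04, gt=0x02, eq=0x01.
OPS = {"=": 0x01, ">": 0x02, ">=": 0x03, "<": 0x04, "<=": 0x05}

def numeric(terms):
    """Encode [(op, value, and_with_previous), ...] as operator/value pairs."""
    out = bytearray()
    for i, (op, value, and_bit) in enumerate(terms):
        size = 1 if value < 0x100 else 2      # only 1- or 2-byte values here
        byte = OPS[op] | ((size >> 1) << 4)   # length field: 0 = 1 byte, 1 = 2
        if and_bit and i > 0:
            byte |= 0x40                      # AND with previous term, else OR
        if i == len(terms) - 1:
            byte |= 0x80                      # end-of-list marker
        out += bytes([byte]) + value.to_bytes(size, "big")
    return bytes(out)

def prefix(net):
    """Prefix length, then only as many address bytes as the length needs."""
    net = ipaddress.ip_network(net)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]

def flowspec_nlri(dst, protocols=(), dst_ports=(), pkt_len=()):
    """Build one IPv4 Flowspec NLRI; components go in ascending type order."""
    body = bytes([DST_PREFIX]) + prefix(dst)
    for ctype, terms in ((IP_PROTO, protocols), (DST_PORT, dst_ports), (PKT_LEN, pkt_len)):
        if terms:
            body += bytes([ctype]) + numeric(terms)
    if len(body) >= 240:
        raise ValueError("two-byte NLRI length is not handled here")
    return bytes([len(body)]) + body

def discard_action():
    """traffic-rate extended community (0x80, 0x06), AS 0, rate 0.0 = drop."""
    return struct.pack("!BBHf", 0x80, 0x06, 0, 0.0)

if __name__ == "__main__":
    # Constructed rule: UDP to 203.0.113.10/32, destination port 53,
    # packet length between 1000 and 1500 bytes.
    rule = flowspec_nlri("203.0.113.10/32",
                         protocols=[("=", 17, False)],
                         dst_ports=[("=", 53, False)],
                         pkt_len=[(">=", 1000, False), ("<=", 1500, True)])
    print(rule.hex(" "), "->", discard_action().hex(" "))
```

Decoding the bytes a router actually received against this layout is a quick way to confirm that a rule matches only the intended traffic before it propagates.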