125

Is there an IP address that would result in any packet sent to be ignored (blackholed)?

I know I can always set up a router with an IP address and then just have it ignore all packets sent to it, but does such a thing exist to save me the trouble?

Tyler Durden
  • 6,333

7 Answers7

113

There's specifically a blackhole prefix in IPV6, as described in RFC 6666, it's 100::/64. IP4 does not have an explicit black hole like that, but a non-existent host on one of the reserved blocks would have that effect. (e.g., 240.0.0.0/4 is "reserved for future use" and will not be routed by anything.)

Community
  • 1
Bandrami
  • 1,943
42

There is such a thing as network Black hole.

If there are no devices in the network with IP address 192.168.0.10, then this IP address is kind of black hole and it will "discard" all the traffic to it, simply because it does not exist.

Protocols which keep track of connection state (TCP) can detect a missing destination host. It will not happen with UDP and packets will just die while the sending host will not be informed about that.

You can setup black hole with firewall by setting it up to silently drop packets (not reject) from particular (or many) addresses.

As far as I know there is no such network standard address which will do black hole for you in TCP/IP version 4 (Thanks to Bandrami).

So you have two options:

  1. An IP address which was not assigned to any host;
  2. Host with firewall which silently drops packets or variations of it, for example using netcat: (as suggested by ultrasawblade).

nc -vv -l 25 > /dev/null will listen for inbound connections on TCP port 25 and pipe the results to /dev/null. More examples here.

The entire subnet also can be a black hole (Null route).

Community
  • 1
VL-80
  • 4,693
36

While it isn't a black-hole, you might also want to consider the IPs set aside for test/example purposes (by RFC 5737), especially if your goal is a "safely non-working default" value.

  • 192.0.2.0/24 (TEST-NET-1),
  • 198.51.100.0/24 (TEST-NET-2)
  • 203.0.113.0/24 (TEST-NET-3)

Network operators SHOULD add these address blocks to the list of non-routeable address spaces, and if packet filters are deployed, then this address block SHOULD be added to packet filters.

There's no guarantee that packets to those addresses will be blocked (that depends on your ISP, etc.) but certainly nobody should be already using them.

Community
  • 1
Darien
  • 461
18

There's no "standard blackhole address" as such, nor is there really any requirement for it. You don't say what you're actually trying to achieve, so I can't help you do so, but here are some wrong solutions for your problem that would answer your question as you asked it:

  • You can use an RFC1918 address that's not in use on your network and rely on your ISP to drop it for you. For example, if you're only using some parts of 192.168, 10.255.255.1 would be null-routed by your ISP (which would get it thanks to your default gateway).
  • You can use an IP address that's reserved for future use (and will probably never be used); that's the old "Class E" range. It'll do the same as above, but will work even if you use all of the private address ranges already (by having much broader netmasks than necessary, I doubt that you'll have millions of attached devices). For example, 254.0.0.1 will never (legally) refer to a real device.
  • On the machine where you need this, you can add a drop-only target; using an unused address such as the above, for example, iptables -I OUTPUT -d 254.0.0.0/8 -j DROP will ensure anything sent to that "network" will be silently dropped instead of bothering any gateways, or even causing traffic on the actual network interface.

Again, you probably don't actually want any of this, even if you think it's convenient - it's not, it's confusing and non-obvious and not a good solution to whatever your problem really is.

Community
  • 1
Gabe
  • 2,170
3

Test Ranges

I would probably suggest one of the "TEST-NET" address ranges, "for use in documentation and examples. It should not be used publicly".

192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

"Bogon" (Bogus/Fake) Ranges

I'm not sure where to say here, this appears to be more of a practice that an Internet gateway would provide, rather than a specific way to implement a packet that is routed somewhere it shoudln't be

Local Ranges

There is also loopback address range, 127.0.0.0/8, eg 127.0.0.255. Though its still possible for things to exist there, specifically any services on the local machine, at least you won't interfere with any machines on the network (unless your have network services that are backed by other network services I guess).

127.0.0.0/8

Illegal Destination Ranges

Perhaps the illegal address 0.0.0.0 can be used as well, though 0.0.0.0/8 is reserved for "Used for broadcast messages to the current ("this")" so there is risk of broatcasting on that.

0.0.0.0/8

The Wikipedia Page for Null Route states:

Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address such as 0.0.0.0, or the loopback address.

Refs: https://en.wikipedia.org/wiki/Reserved_IP_addresses

ThorSummoner
  • 1,240
3

Side stepping your question, what about using the "discard protocol"?

wilx
  • 153
1

One thing to consider (which may or may not be a problem for your particular scenario) is that if you redirect traffic to an IP address that does not exist, the router and/or host may attempt to continuously ARP for that address, which could be a bad thing.

If you configure a static ARP<->IP binding for this phantom address, then the system will always have a resolved ARP entry, and it will just put the packet on the wire with that ARP address (which, assumedly, is bogus) and the traffic won't actually land anywhere.

Again, this may very well NOT be what you actually want, but it's worth considering.

ljwobker
  • 368