Blackholing stops DDOS attacks but shuts off all traffic

Blackholing stops DDOS attacks but consumes everything else too

What it is: The most recent distributed denial of service survey from Prolexic  shows that denial of service attack durations, the total time an attack is active, increased this year to 34.4 hours, up from 32 hours last year. Packet rates and bandwidth used during attacks also is up. To weather the storm, service providers can employ blackholing techniques, which prevents all traffic from reaching its destination.

How It Works: Blackholing is a common defense against spam, in which an Internet service provider blocks packets from a domain or IP address, but the technique can be used against DDOS attacks. The problem with a DDOS attack is that not only is the website in question affected, but also others that are sharing the same servers or even routers. Thus, an attack on one agency can affect others if they are closely networked.

When under a massive attack, a black hole can be employed in a kind of "we had to burn the village to save it" approach. All website traffic, covering both legitimate users trying to access information and the fake attack requests, are sent into a black hole, or null route, Prolexic said. The requests aren't processed in any way. Anything trying to access the website is simply dropped. After the attack has stopped, an average of 34 hours later, the black hole is removed and the website is back online. The extra traffic from the attack doesn't affect any connected systems.

Bottom Line: Although effective in protecting other sites, the use of blackholing helps the hackers accomplish their task. The whole point of DDOS is to deny service. Taking a website offline and routing all traffic to a black hole does that. But as attacks increase in size, power and efficiency, more websites and service providers may have to employ it to protect the greater networks.

About the Author

John Breeden II is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected