Blackhole Routing

What is blackhole routing?

Blackhole routing or filtering, commonly known as ‘blackholing’, is a precautionary method designed to limit the impact of a DDoS attack. This tactic essentially reroutes network traffic into a “black hole” where it disappears. 

If blackholing is triggered without any specific limitations, both legitimate and illegitimate traffic is directed to a null route or ‘black hole’, ultimately removing it entirely from the network.

In the context of connectionless protocols such as UDP, no notification is sent back to the source when data is dropped. Conversely, for connection-based protocols like TCP, which need a handshake to establish a connection, a notification is returned if the data is dropped.

For websites lacking other ways to deter an attack, blackholing is a commonly accessible method. However, this mitigation strategy can also lead to drastic outcomes, making it a potentially unfavorable option to counteract a DDoS attack. The indiscriminate disruption of traffic to the network or service is quite similar to how antibiotics get rid of both harmful and beneficial bacteria. 

One of the most significant disadvantages of blackhole routing is that it also affects legitimate traffic, effectively helping the attacker achieve their objective of disrupting traffic to the target network, website, or service. Blackhole routing can be advantageous when a small site that is part of a larger network is under attack. In these specific circumstances, blackholing the traffic aimed at the smaller site can help protect the larger network from the repercussions of the attack.
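
The scope trade-off described above, as an added example that is not part of the original page: a small longest-prefix-match simulation in which a /32 null route for the attacked site sits inside a larger /24 that keeps forwarding. The addresses (RFC 5737 documentation ranges), the route table and the traffic sample are all constructed for illustration.

```python
import ipaddress

# Constructed route table (RFC 5737 documentation prefixes, not real hosts).
# The /32 null route covers only the attacked site; the /24 is the larger network.
ROUTES = [
    (ipaddress.ip_network("198.51.100.0/24"), "forward"),     # larger network
    (ipaddress.ip_network("198.51.100.25/32"), "blackhole"),  # small site under attack
]

OUTCOMES = {"forward": "delivered", "blackhole": "dropped"}


def lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, action) for net, action in ROUTES if addr in net]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def route_all(packets):
    """Count packets per (label, outcome) after the routing decision."""
    tally = {}
    for _src, dst, label in packets:
        outcome = OUTCOMES.get(lookup(dst), "unreachable")
        tally[(label, outcome)] = tally.get((label, outcome), 0) + 1
    return tally


# Constructed traffic sample: (source, destination, label).
PACKETS = (
    [("203.0.113.%d" % i, "198.51.100.25", "attack") for i in range(1, 9)]
    + [
        ("192.0.2.10", "198.51.100.25", "legitimate"),  # real visitor of the victim site
        ("192.0.2.11", "198.51.100.25", "legitimate"),
        ("192.0.2.12", "198.51.100.40", "legitimate"),  # neighbours in the same /24
        ("192.0.2.13", "198.51.100.7", "legitimate"),
    ]
)

if __name__ == "__main__":
    for (label, outcome), count in sorted(route_all(PACKETS).items()):
        print(f"{label:10s} {outcome:9s} {count}")
```

The null route does not distinguish senders: every packet addressed to the attacked site is dropped, legitimate or not, while the rest of the /24 stays reachable.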