DDoS (distributed denial of service) attacks are a serious and persistent threat to every network. This series highlights the six widely-accepted technologies and architectures that you can employ to protect your assets. These are:
- Overprovisioning
- DDoS Mitigation Appliances
- ISP Scrubbers
- Third-Party Scrubbing Services
- Cloud Web Application Firewall
- Remotely Triggered Black Hole
For more detailed information, read our whitepaper, Building Better DDoS Mitigation.
Earlier posts in this series covered two on-premise solutions for DDoS mitigation, ISP Scrubbing Centers, and two third-party cloud solutions that provide considerably greater mitigation capacity. This post covers a “solution” with unlimited capacity but a huge shortcoming: Remotely Triggered Black Hole.
Remotely Triggered Black Hole
A remotely triggered black hole simply dumps all traffic from across the internet for a particular destination, using BGP to send it to a non-routable address space.
It relies on the RFC 1918 address space, set up to be blocked as a source by every ISP to send traffic to the null interface on routers. When access to a network block is routed through an RFC 1918 network via BGP, every router around the world immediately starts dropping the traffic, good and bad. It cuts off the DDoS traffic by cutting off all traffic.
It’s the equivalent of total surrender, relieving the pressure on your site but also dumping your legitimate traffic as well. Your network is just as inaccessible as if the attack were successful.
Despite this major drawback, remotely triggered black holes are a commonly used DDoS mitigation technology, suggesting that many organizations are not well prepared with an effective plan and strategy to mitigate attacks, or that the target is just not cost-effective to defend.
In most cases, a black hole should be used only as a last resort, such as when a target is attacked with such a large volume that it starts to impact their upstream ISPs services to their other customers. The ISP has no choice but to blackhole traffic headed to that customer.
However, in some cases, Remotely Triggered Black Holes can be used in conjunction with community routes inside a region or country in order to blackhole traffic coming from outside and to keep delivering network traffic inside that community. An effective DDoS strategy often involves multiple mitigation technologies. Both UltraDDoS Protect, our massively scaled DDoS solution, and UltraWAF, our advanced Web Application Firewall, work effectively with other technologies to provide the highest level of protection.
We’d be happy to discuss your DDoS strategy and look for solutions that could strengthen your security posture. Contact us today for a consultative discussion of your strategy and options.
