networking - IP address that is the equivalent of /dev/null

06
2014-04
  • Tyler Durden

    Is there an IP address that would result in any packet sent to be ignored (blackholed)?

    I know I can always set up a router with an IP address and then just have it ignore all packets sent to it, but does such a thing exist to save me the trouble?

  • Answers
  • Moshe Katz

    There's specifically a blackhole prefix in IPv6, as described in RFC 6666: it's 100::/64. IPv4 does not have an explicit black hole like that, but a non-existent host on one of the reserved blocks would have that effect. (E.g., 240.0.0.0/4 is "reserved for future use" and will not be routed by anything.)

  • RobIII

    There is such a thing as a network black hole.

    If there are no devices in the network with IP address 192.168.0.10, then this IP address is a kind of black hole and it will "discard" all the traffic to it, simply because it does not exist.

    Protocols which keep track of connection state (TCP) can detect a missing destination host. It will not happen with UDP and packets will just die while the sending host will not be informed about that.

    You can set up a black hole with a firewall by setting it up to silently drop packets (not reject) from particular (or many) addresses.

    As far as I know, there is no standard network address which will act as a black hole for you in TCP/IP version 4 (thanks to Bandrami).

    So you have two options:

    1. An IP address which was not assigned to any host;
    2. A host with a firewall which silently drops packets, or variations of it, for example using netcat (as suggested by ultrasawblade):

    nc -vv -l 25 > /dev/null will listen for inbound connections on TCP port 25 and pipe the results to /dev/null. More examples here.

    The entire subnet also can be a black hole (Null route).

  • Gabe

    There's no "standard blackhole address" as such, nor is there really any requirement for it. You don't say what you're actually trying to achieve, so I can't help you do so, but here are some wrong solutions for your problem that would answer your question as you asked it:

    • You can use an RFC1918 address that's not in use on your network and rely on your ISP to drop it for you. For example, if you're only using some parts of 192.168, 10.255.255.1 would be null-routed by your ISP (which would get it thanks to your default gateway).
    • You can use an IP address that's reserved for future use (and will probably never be used); that's the old "Class E" range. It'll do the same as above, but will work even if you use all of the private address ranges already (by having much broader netmasks than necessary, I doubt that you'll have millions of attached devices). For example, 254.0.0.1 will never (legally) refer to a real device.
    • On the machine where you need this, you can add a drop-only target; using an unused address such as the above, for example, iptables -I OUTPUT -d 254.0.0.0/8 -j DROP will ensure anything sent to that "network" will be silently dropped instead of bothering any gateways, or even causing traffic on the actual network interface.

    Again, you probably don't actually want any of this, even if you think it's convenient - it's not, it's confusing and non-obvious and not a good solution to whatever your problem really is.

  • Darien

    While it isn't a black-hole, you might also want to consider the IPs set aside for test/example purposes, especially if your goal is a "safely non-working default" value.

    • 192.0.2.0/24 (TEST-NET-1)
    • 198.51.100.0/24 (TEST-NET-2)
    • 203.0.113.0/24 (TEST-NET-3)

    Network operators SHOULD add these address blocks to the list of non-routeable address spaces, and if packet filters are deployed, then this address block SHOULD be added to packet filters.

    There's no guarantee that packets to those addresses will be blocked (that depends on your ISP, etc.) but certainly nobody should be already using them.

  • wilx

    Side stepping your question, what about using the "discard protocol"?

  • ljwobker

    One thing to consider (which may or may not be a problem for your particular scenario) is that if you redirect traffic to an IP address that does not exist, the router and/or host may attempt to continuously ARP for that address, which could be a bad thing.

    If you configure a static ARP<->IP binding for this phantom address, then the system will always have a resolved ARP entry, and it will just put the packet on the wire with that ARP address (which, assumedly, is bogus) and the traffic won't actually land anywhere.

    Again, this may very well NOT be what you actually want, but it's worth considering.

  • Dave

    Depending on what you are attempting, 127.0.0.1 is a blackhole.

    http://en.wikipedia.org/wiki/Loopback
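
Added example, not part of any answer above: a Python check that a candidate "sink" address falls in one of the ranges the answers name, while catching the cases they warn about (an on-link address that triggers repeated ARP, the broadcast address inside 240.0.0.0/4, loopback). The function name, the notes and the `attached_networks` parameter are assumptions made for this sketch; the caller supplies the subnets actually in use.

```python
import ipaddress

# Ranges named in the answers, with the caveat each answer attaches to them.
SINK_RANGES = [(ipaddress.ip_network(cidr), note) for cidr, note in [
    ("100::/64", "RFC 6666 discard-only prefix"),
    ("240.0.0.0/4", "reserved for future use (old Class E)"),
    ("192.0.2.0/24", "TEST-NET-1; filtering depends on the operator"),
    ("198.51.100.0/24", "TEST-NET-2; filtering depends on the operator"),
    ("203.0.113.0/24", "TEST-NET-3; filtering depends on the operator"),
    ("10.0.0.0/8", "RFC 1918; relies on upstream dropping it"),
    ("172.16.0.0/12", "RFC 1918; relies on upstream dropping it"),
    ("192.168.0.0/16", "RFC 1918; relies on upstream dropping it"),
]]


def classify_sink(candidate, attached_networks=()):
    """Return (ok, reason) for using `candidate` as a throwaway destination.

    attached_networks: CIDR strings for subnets the host or site really uses.
    The caller supplies them (assumption); nothing is discovered automatically.
    """
    addr = ipaddress.ip_address(candidate)
    if addr.is_loopback:
        return False, "loopback: handled by the local host, a listener can answer"
    if addr == ipaddress.ip_address("255.255.255.255"):
        return False, "limited broadcast: inside 240.0.0.0/4 but sent to all on-link hosts"
    for net in map(ipaddress.ip_network, attached_networks):
        if addr.version == net.version and addr in net:
            return False, f"on-link in {net}: repeated ARP/ND lookups, may be assigned later"
    for net, note in SINK_RANGES:
        if addr.version == net.version and addr in net:
            return True, note
    return False, "not in any range from the answers: may reach a real host"


if __name__ == "__main__":
    # Constructed sample: a site that only uses 192.168.0.0/24.
    site = ["192.168.0.0/24"]
    for ip in ["100::1", "254.0.0.1", "192.0.2.55", "10.255.255.1",
               "192.168.0.10", "255.255.255.255", "127.0.0.1", "8.8.8.8"]:
        print(ip, classify_sink(ip, site))
```

A value that passes is still only as good as its note says: for the TEST-NET and RFC 1918 ranges, whether packets are actually dropped depends on filtering outside the host.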


  • Related Question

    IP Address Changing
  • Daniel

    How can I go to the same website but use a different IP address every time?

    Does TOR do this? I want to access a site but not have it know that the same IP is hitting it every time.

    Are TOR or http://anonymouse.org options, or is there another tool for this?


  • Related Answers
  • Area 51

    TOR is an onion router. So yes, your IP address as it appears to the website will be different than if you were to connect to it directly.