11-22-2005 11:20 PM - edited 03-03-2019 11:03 AM
What is a sink-hole router? What is the concept behind it? Please tell me in detail.
11-23-2005 12:28 AM
Hi
AFAIK it's used to track/examine the usual DoS attacks in large SP networks.
Do find the info about both sinkhole routers and routing:
Use Sink-Hole Routers to Identify Infected Systems
Sink-hole routers are typically used by a service provider to redirect malicious IP traffic to a single IP address where the traffic can be examined in greater detail. Service providers can use this concept to identify networks and individual hosts where worm traffic is originating. This concept can also be applied within an enterprise architecture environment to identify hosts that are infected by a worm and are actively seeking additional target systems. Setting up a sink-hole router will assist in determining which systems in the environment are infected when NIDS is not available, either due to insufficient resources to deploy NIDS or other architectural constraints. This works by using addresses not yet allocated by the Internet Assigned Numbers Authority (IANA) that some worms will inadvertently attempt to exploit. The sink-hole router advertises these networks locally (only), and any attempts at reaching them will then be routed to the router. Once received, they can be logged and discarded. The logs will provide a list of infected hosts.
Sinkhole Routing
If the ISP is interested instead in examining the flooding attack and stopping it, it can use sink-hole routing. This works by injecting a more specific route from one of the ISP's routers than the subnet route you advertise, which is under attack. For example, if your subnet is 192.0.2.0/24 and IP address 192.0.2.52 is under attack, the ISP can inject a route specifically to the 192.0.2.52/32 address that redirects the attack traffic to a network honeypot of sorts, where the ISP can examine and classify the traffic.
Regards
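To illustrate the "logs will provide a list of infected hosts" step described in the post above, here is an added example (not part of the original thread) that reduces sinkhole router logs to a list of suspect internal hosts. The IOS-style access-list log format, the list name `SINK`, the sinkholed prefixes, the internal range and the `min_targets` threshold are all assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed: prefixes the sinkhole router advertises locally (documentation
# ranges stand in for the unallocated space) and the enterprise's own range.
SINKHOLE_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("198.51.100.0/24", "203.0.113.0/24")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Matches IOS-style access-list log messages (assumed logging format).
LOG_RE = re.compile(
    r"list \S+ denied (?P<proto>\w+) (?P<src>[\d.]+)\(\d+\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")

# Constructed sample log, not captured from a real network.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.4.23(3412) -> 198.51.100.7(445), 1 packet
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.4.23(3413) -> 198.51.100.88(445), 1 packet
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.4.23(3414) -> 203.0.113.19(445), 2 packets
%SEC-6-IPACCESSLOGP: list SINK denied udp 10.2.9.5(1026) -> 198.51.100.7(53), 1 packet
%SYS-5-CONFIG_I: Configured from console by admin on vty0
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.7.40(2201) -> 203.0.113.5(135), 1 packet
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.7.40(2202) -> 203.0.113.6(135), 1 packet
%SEC-6-IPACCESSLOGP: list SINK denied tcp 10.1.7.40(2203) -> 203.0.113.7(135), 1 packet
"""

def infected_hosts(log_text, min_targets=3):
    """Internal sources that probed >= min_targets distinct sinkholed addresses."""
    seen = defaultdict(lambda: {"targets": set(), "ports": set(), "packets": 0})
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an access-list hit (e.g. a config message)
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in INTERNAL or not any(dst in p for p in SINKHOLE_PREFIXES):
            continue
        rec = seen[str(src)]
        rec["targets"].add(dst)
        rec["ports"].add((m["proto"], int(m["dport"])))
        rec["packets"] += int(m["count"])
    # One stray packet can be a typo; many distinct targets is scanning.
    return {src: {"targets": len(r["targets"]), "packets": r["packets"],
                  "ports": sorted(r["ports"])}
            for src, r in seen.items() if len(r["targets"]) >= min_targets}

if __name__ == "__main__":
    for host, info in sorted(infected_hosts(SAMPLE_LOG).items()):
        print(host, info)
```

Lowering `min_targets` to 1 lists every internal host that touched a sinkholed address, which is useful for a first pass but includes one-off misconfigurations.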
11-23-2005 06:05 AM
Try the following pdf, it should give you more than you need to know:
http://www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf
12-18-2023 06:56 AM
This link is no longer working.
12-18-2023 08:33 AM
A link that is 18 years old not working is not surprising. I am not sure that this link is exactly what you are looking for but I hope you may find it helpful:
https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf