IP address that is the equivalent of /dev/null

Solution 1

There's specifically a blackhole prefix in IPv6, as described in RFC 6666: it's 100::/64. IPv4 does not have an explicit black hole like that, but a non-existent host on one of the reserved blocks would have that effect (e.g., 240.0.0.0/4 is "reserved for future use" and will not be routed by anything).

Solution 2

There is such a thing as a network black hole.

If there are no devices in the network with IP address 192.168.0.10, then this IP address is a kind of black hole and it will "discard" all the traffic to it, simply because it does not exist.

Protocols which keep track of connection state (TCP) can detect a missing destination host. It will not happen with UDP and packets will just die while the sending host will not be informed about that.

You can set up a black hole with a firewall by configuring it to silently drop packets (not reject) from particular (or many) addresses.

As far as I know there is no such network standard address which will do black hole for you in TCP/IP version 4 (Thanks to Bandrami).

So you have two options:

  1. An IP address which was not assigned to any host;
  2. A host with a firewall which silently drops packets, or variations of it, for example using netcat (as suggested by ultrasawblade).

nc -vv -l 25 > /dev/null will listen for inbound connections on TCP port 25 and pipe the results to /dev/null. More examples here.

The entire subnet also can be a black hole (Null route).
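
The difference between a silent drop, a reject and an unreachable error, as seen from the sending side, can be checked with a single TCP connection attempt. The following is an added example, not part of the original answer; the names probe_tcp and local_demo and the four outcome labels are chosen for this example only.

```python
import errno
import socket

ACCEPTED = "accepted"        # handshake completed: something is listening
REJECTED = "rejected"        # active refusal came back (e.g. RST from a closed port)
UNREACHABLE = "unreachable"  # local stack or an ICMP error reported no path
BLACKHOLED = "blackholed"    # no answer before the timeout: silent drop or unused address

_NO_PATH = {errno.ENETUNREACH, errno.EHOSTUNREACH, errno.ENETDOWN}


def probe_tcp(host, port, timeout=3.0):
    """Make one TCP connection attempt and classify what the sender observed."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return BLACKHOLED
    except ConnectionRefusedError:
        return REJECTED
    except OSError as exc:
        if exc.errno in _NO_PATH:
            return UNREACHABLE
        raise  # name resolution failure, permission error, ...: not a path verdict
    conn.close()
    return ACCEPTED


def local_demo():
    """Exercise the two outcomes that can be produced on loopback alone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = probe_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()                     # same port, now with no listener
    closed_result = probe_tcp("127.0.0.1", port, timeout=2.0)
    return open_result, closed_result


if __name__ == "__main__":
    print(local_demo())
```

Only a result of "blackholed" matches what the question asks for. A candidate address that yields "rejected" or "unreachable" on a given network is being answered by something on the path rather than silently discarded.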

Solution 3

While it isn't a black-hole, you might also want to consider the IPs set aside for test/example purposes (by RFC 5737), especially if your goal is a "safely non-working default" value.

  • 192.0.2.0/24 (TEST-NET-1),
  • 198.51.100.0/24 (TEST-NET-2)
  • 203.0.113.0/24 (TEST-NET-3)

Network operators SHOULD add these address blocks to the list of non-routeable address spaces, and if packet filters are deployed, then this address block SHOULD be added to packet filters.

There's no guarantee that packets to those addresses will be blocked (that depends on your ISP, etc.) but certainly nobody should be already using them.

Solution 4

There's no "standard blackhole address" as such, nor is there really any requirement for it. You don't say what you're actually trying to achieve, so I can't help you do so, but here are some wrong solutions for your problem that would answer your question as you asked it:

  • You can use an RFC1918 address that's not in use on your network and rely on your ISP to drop it for you. For example, if you're only using some parts of 192.168, 10.255.255.1 would be null-routed by your ISP (which would get it thanks to your default gateway).
  • You can use an IP address that's reserved for future use (and will probably never be used); that's the old "Class E" range. It'll do the same as above, but will work even if you use all of the private address ranges already (by having much broader netmasks than necessary, I doubt that you'll have millions of attached devices). For example, 254.0.0.1 will never (legally) refer to a real device.
  • On the machine where you need this, you can add a drop-only target; using an unused address such as the above, for example, iptables -I OUTPUT -d 254.0.0.0/8 -j DROP will ensure anything sent to that "network" will be silently dropped instead of bothering any gateways, or even causing traffic on the actual network interface.

Again, you probably don't actually want any of this, even if you think it's convenient - it's not, it's confusing and non-obvious and not a good solution to whatever your problem really is.

Solution 5

Test Ranges

I would probably suggest one of the "TEST-NET" address ranges, "for use in documentation and examples. It should not be used publicly".

192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

"Bogon" (Bogus/Fake) Ranges

I'm not sure what to say here; this appears to be more of a practice that an Internet gateway would provide, rather than a specific way to implement a packet that is routed somewhere it shouldn't be.


Local Ranges

There is also the loopback address range, 127.0.0.0/8, e.g. 127.0.0.255. Though it's still possible for things to exist there, specifically any services on the local machine, at least you won't interfere with any machines on the network (unless you have network services that are backed by other network services, I guess).

127.0.0.0/8


Illegal Destination Ranges

Perhaps the illegal address 0.0.0.0 can be used as well, though 0.0.0.0/8 is reserved for "Used for broadcast messages to the current ("this")" so there is a risk of broadcasting on that.

0.0.0.0/8

The Wikipedia Page for Null Route states:

Null routes are typically configured with a special route flag, but can also be implemented by forwarding packets to an illegal IP address such as 0.0.0.0, or the loopback address.


Refs: https://en.wikipedia.org/wiki/Reserved_IP_addresses

Author: Tyler Durden

Updated on September 18, 2022

Comments

  • Tyler Durden over 1 year

    Is there an IP address that would result in any packet sent to be ignored (blackholed)?

    I know I can always set up a router with an IP address and then just have it ignore all packets sent to it, but does such a thing exist to save me the trouble?

    • Adriano P over 10 years
      There are some devices (like routers and switches from that San Francisco co.) that use a Null interface that could be used as a black hole for malicious traffic. One should point a route to that Null interface so all traffic to that route is discarded.
    • Nowak Grzegorz over 10 years
      I am curious, why is the question tagged "spam-prevention"?
    • VL-80 over 10 years
      @WChargin, I hope that was a joke - devnull-as-a-service.com does not seem to have anything to do with networking and it even does look like crap. What is this: When we say "government" we mean NSA, CIA, FBI, TSA, Communist Party of China (CPC), Nestle, The Coca-Cola Company, the KGB, some of your coworkers and our friends (especially if there is something funny).?
    • wchargin over 10 years
      @Nikolay yes, it was a joke, as is the website. See their Github README: "It's mostly about the enterprise, cloud, *-as-a-Service and criticism on it." (emphasis mine)
    • VL-80 over 10 years
      @WChargin, I see this point! Nice joke (: !
    • Tyler Durden almost 4 years
      @MikePennington The idea is to route spam SYN packets to the black hole. If you just refuse them, they move on to the next target. If you blackhole them, their socket blocks until it times out. This can slow down a spam server by 1000x or more. Imagine if we had 1000x less spam.
  • LawrenceC over 10 years
    If you want something that will receive TCP traffic, but do nothing with it, something quick can be set up with nc (or netcat). As @Nikolay says though, there's not a "blackhole" IP that does this automatically.
  • Bandrami over 10 years
    At least not in IP4
  • Tyler Durden over 10 years
    254.0.0.1 does not black hole packets, I get a "transmit failure" error.
  • RBerteig over 10 years
    +1 for "you probably don't actually want any of this..."
  • user2357112 over 10 years
    @Bandrami: What about IPv6, then?
  • VL-80 over 10 years
    @user2357112, just look at his answer. It is just below mine.
  • corsiKa over 10 years
    Sending data to something reserved for future use is only a good idea until that future use is realized.
  • mirabilos over 10 years
    They can also be REJECTed instead of DROPped, so…
  • Bandrami over 10 years
    Very good point, though I highly doubt that IP4 will be expanded much again.
  • WGH about 10 years
    But is the router guaranteed to drop the packets? Because if it returns ICMP "destination unreachable", it would not be what the OP asked for.
  • Tyler Durden over 8 years
    192.0.2.0 seems to work on my first try, not returning any packets so far. I will do some more testing.
  • ThorSummoner over 8 years
    I overall opted to use localhost on the highest port 65535 though, because I wanted to ensure no traffic would leave the host.
  • Drakes over 6 years
    If you specify the port, then you have to specify each protocol as well: TCP, UDP, etc. and in doing so, some traffic may escape your rules (e.g. ICMP).
  • zeroimpl about 4 years
    These techniques are quite useful for quickly testing how an application/website behaves when encountering unexpected network glitches...
  • Tyler Durden almost 4 years
    I can confirm that 240.0.0.0 works. When I try to ping that address the computer hangs, which is what we want.