sink-hole router

minimintu
Level 1

What is a sink-hole router? What is the concept behind it? Please tell me in detail.

4 Replies

spremkumar
Level 9

Hi

AFAIK it's used to track/examine the usual DoS attacks in large SP networks.

Do find the info about both sinkhole router and routing.

Use Sink-Hole Routers to Identify Infected Systems

Sink-hole routers are typically used by a service provider to redirect malicious IP traffic to a single IP address where the traffic can be examined in greater detail. Service providers can use this concept to identify networks and individual hosts where worm traffic is originating. This concept can also be applied within an enterprise architecture environment to identify hosts that are infected by a worm and are actively seeking additional target systems. Setting up a sink-hole router will assist in determining which systems in the environment are infected when NIDS is not available, either due to insufficient resources to deploy NIDS or other architectural constraints. This works by using addresses not yet allocated by the Internet Assigned Numbers Authority (IANA) that some worms will inadvertently attempt to exploit. The sink-hole router advertises these networks locally (only), and any attempts at reaching them will then be routed to the router. Once received, they can be logged and discarded. The logs will provide a list of infected hosts.

Sinkhole Routing

If the ISP is interested instead in examining the flooding attack and stopping it, it can use sink-hole routing. This works by injecting a more specific route from one of the ISP's routers than the subnet route you advertise, which is under attack. For example, if your subnet is 192.0.2.0/24 and IP address 192.0.2.52 is under attack, the ISP can inject a route specifically to the 192.0.2.52/32 address that redirects the attack traffic to a network honeypot of sorts, where the ISP can examine and classify the traffic.

regds
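Added example (not part of the original posts or of the quoted Cisco text): a small Python model of the two mechanisms described in the reply above, longest-prefix match sending only 192.0.2.52/32 to the sink hole while the rest of 192.0.2.0/24 is untouched, and sink-hole logs yielding a list of hosts probing unused space. The 198.51.100.0/24 darknet stand-in, the next-hop labels and the flow records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed routing table. 192.0.2.0/24 and 192.0.2.52/32 are the post's example;
# 198.51.100.0/24 stands in for an unallocated block and the labels are assumptions.
ROUTES = [
    ("192.0.2.0/24", "customer", None),
    ("192.0.2.52/32", "sinkhole", "diverted-victim"),   # injected more-specific route
    ("198.51.100.0/24", "sinkhole", "darknet"),         # advertised locally only
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (next_hop, reason) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop, why) for p, hop, why in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return (None, None)
    _, hop, why = max(matches, key=lambda m: m[0].prefixlen)
    return (hop, why)

def sinkhole_report(flows, routes=ROUTES):
    """Count packets per source that the routing table delivers to the sink hole."""
    report = {"darknet": Counter(), "diverted-victim": Counter()}
    for src, dst in flows:
        hop, why = lookup(dst, routes)
        if hop == "sinkhole":
            report[why][src] += 1
    return report

# Constructed (source, destination) pairs as a sink-hole log might record them.
FLOWS = [
    ("10.1.4.23", "198.51.100.7"),    # internal host probing unused space
    ("10.1.4.23", "198.51.100.8"),
    ("10.1.9.80", "198.51.100.200"),
    ("10.1.2.5", "192.0.2.10"),       # normal traffic to the customer subnet
    ("203.0.113.9", "192.0.2.52"),    # traffic to the address under attack
    ("203.0.113.9", "192.0.2.52"),
    ("203.0.113.77", "192.0.2.52"),
]

if __name__ == "__main__":
    for reason, counts in sinkhole_report(FLOWS).items():
        print(reason, counts.most_common())
```

Source addresses in flood traffic can be spoofed, so the counts for the diverted /32 describe the traffic rather than prove who sent it; the darknet counts are the list of likely infected internal hosts.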

Try the following pdf, it should give you more than you need to know:

http://www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf

This link is no longer working.

A link that is 18 years old not working is not surprising. I am not sure that this link is exactly what you are looking for but I hope you may find it helpful:

https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf

HTH

Rick