
Blackhole routing is a DDoS mitigation strategy that eliminates all traffic from specific sources.

What is DDoS blackhole routing?

DDoS blackhole routing/filtering (sometimes called blackholing) is a countermeasure to mitigate a DDoS attack in which network traffic is routed into a “black hole” and is lost. When blackhole filtering is implemented without specific restriction criteria, both legitimate and malicious network traffic is routed to a null route or black hole and dropped from the network. When using connectionless protocols, such as UDP, no notification of the dropped data will be returned to the source. With connection-oriented protocols like TCP, which require a handshake to connect with the target system, a notification will be returned if the data is dropped.

For organizations with no other means of blocking an attack, blackholing is a widely available option. This mitigation method may have serious consequences, potentially making it an undesirable option to mitigate a DDoS attack. Much as antibiotics destroy both good and bad bacteria, this type of DDoS mitigation, when implemented improperly, will indiscriminately disrupt sources of traffic to the network or service. Sophisticated attacks will also use variable IP addresses and attack vectors, which can limit the effectiveness of this type of mitigation as a sole means of disrupting the attack.

A key consequence of using blackhole routing when good traffic is also affected is that the attacker has essentially accomplished their goal of disrupting traffic to the target network or service. Even though it can help a malicious actor accomplish their goal, blackhole routing can still be useful when the target of the attack is a small site that’s part of a larger network. In that case, blackholing the traffic directed at the targeted site could protect the larger network from the effects of the attack.
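
The trade-off described above, as an added example that is not part of the original article: a minimal longest-prefix-match forwarding model in which a null route for one attacked host drops attack and legitimate traffic alike, while the rest of the larger network stays reachable. The prefixes (RFC 5737 documentation ranges), the `null0` and `core-router` next-hop names and the sample packets are all constructed assumptions.

```python
import ipaddress

NULL = "null0"  # assumed name for the discard next hop in this sketch

def build_fib(routes):
    """Turn (prefix, next_hop) pairs into a list of parsed routes."""
    return [(ipaddress.ip_network(p), hop) for p, hop in routes]

def lookup(fib, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in fib if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(fib, packets):
    """Return per-label counts of delivered and dropped packets."""
    stats = {}
    for label, _src, dst in packets:
        # The source is never consulted: a destination null route cannot
        # tell attackers from customers, so both share the same fate.
        hop = lookup(fib, dst)
        outcome = "dropped" if hop in (None, NULL) else "delivered"
        stats.setdefault(label, {"delivered": 0, "dropped": 0})[outcome] += 1
    return stats

# Constructed sample data (documentation address space, not real hosts).
BASE_ROUTES = [("203.0.113.0/24", "core-router")]   # the larger network
BLACKHOLE = ("203.0.113.10/32", NULL)               # the attacked site only
PACKETS = [
    ("attack->victim", "198.51.100.7", "203.0.113.10"),
    ("attack->victim", "198.51.100.8", "203.0.113.10"),
    ("legit->victim", "192.0.2.20", "203.0.113.10"),
    ("legit->neighbor", "192.0.2.21", "203.0.113.25"),
]

def demo():
    """Forward the same packets before and after the null route is added."""
    before = forward(build_fib(BASE_ROUTES), PACKETS)
    after = forward(build_fib(BASE_ROUTES + [BLACKHOLE]), PACKETS)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for label in after:
        print(label, "| before:", before[label], "| after:", after[label])
```

After the null route is installed, every packet to the attacked host is dropped regardless of sender, while traffic to its neighbor in the same /24 is still delivered.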

Case study: how a Pakistani ISP shut down YouTube with blackhole routing

In 2008, YouTube was down for hours one day thanks to Pakistan Telecom’s use of blackhole routing. This happened after the Pakistani Ministry of Communication sent out orders to have YouTube blocked nationwide in response to a YouTube video that contained a Dutch cartoon depicting the prophet Muhammad. Pakistan’s government-owned telecommunication service responded to these orders with a blackhole routing solution, but their solution created unexpected side effects.

Pakistan Telecom created a black hole route and broadcast instructions claiming to be the legitimate destination for anyone trying to reach YouTube’s web addresses. That traffic was then sent to the black hole route and dropped. The problem is that Pakistan Telecom used BGP (Border Gateway Protocol, which manages how packets are routed across the Internet) to share this route with ISPs worldwide. So Pakistan effectively broadcast to Internet providers worldwide that they were the correct destination for YouTube traffic, sending all YouTube-bound traffic into a black hole. Fortunately, YouTube has a very sophisticated technical team, and they were able to identify and fix the problem within hours. Still, this example shows a serious risk of using blackhole routing.

