Black hole routing (also called null routing) is a network security measure for handling unwanted or potentially harmful traffic. All packets addressed to a particular IP address or network are intentionally discarded by the router, silently, without informing the source of the traffic. The technique protects networks by dropping malicious or excess traffic at the edge before it can cause harm or overwhelm resources further inside.
Implementing it means configuring network devices such as routers or firewalls to discard traffic headed to specific destinations. This can be done statically, by always discarding traffic to certain IPs, or dynamically, in response to network events.
- Static: Configured manually on a router or firewall as a route whose next hop is a discard interface (Null0 on Cisco IOS, a `blackhole` route on Linux), so that traffic to the listed IP addresses is always dropped. Source-based discarding is also possible where the device supports it (for example with loose-mode uRPF), but the common case is destination-based.
- Dynamic: An automated reaction to network conditions. Using BGP (Border Gateway Protocol), a trigger router announces the attacked prefix with a next hop that every other router already routes to a null destination, so the whole network starts discarding that traffic within seconds; this is known as remotely triggered black hole (RTBH) filtering. ISPs use it during DDoS attacks to keep the flood from saturating links and infrastructure. The caveat is that destination-based black holing drops legitimate traffic to the victim address as well, so it completes the denial of service for that one host in order to protect everything else; announcements should therefore be as specific as possible (host routes) and removed as soon as the attack subsides.
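The two forms above, as an added example that is not code from the original page: a small RTBH trigger that aggregates per-destination packet counts from flow records, picks the destinations exceeding a rate threshold, refuses to black-hole addresses on a protected list, and then emits both the static form (Linux `ip route add blackhole` commands) and the dynamic form (the BGP announcement a trigger router would inject). The flow records, the threshold and the `PROTECTED` ranges are constructed for illustration; the discard next hops follow the usual conventions (192.0.2.1 as in the RFC 5635 examples, an address in the RFC 6666 IPv6 discard prefix 100::/64) and the community is the RFC 7999 BLACKHOLE community 65535:666.

```python
"""Minimal RTBH trigger logic (added example, not the page's own code)."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Every edge router is assumed to carry a static route for these next hops
# to its discard interface (Null0 / blackhole); the trigger only announces.
DISCARD_NEXT_HOP_V4 = "192.0.2.1"   # convention used in RFC 5635 examples
DISCARD_NEXT_HOP_V6 = "100::1"      # inside the RFC 6666 discard-only prefix
BLACKHOLE_COMMUNITY = "65535:666"   # RFC 7999 well-known BLACKHOLE community

# Assumption: addresses that must never be null-routed (resolvers, BGP peers...).
PROTECTED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:ffff::/48")]


@dataclass(frozen=True)
class Flow:
    """One exported flow record: destination address and packet count."""
    dst: str
    packets: int


def hot_destinations(flows, window_seconds, pps_threshold):
    """Sum packets per destination over the sample window and return the
    destinations whose average rate exceeds pps_threshold, as host routes
    (/32 or /128) so the black hole is as narrow as possible."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.dst] += f.packets
    hot = [ipaddress.ip_network(dst) for dst, n in totals.items()
           if n / window_seconds > pps_threshold]
    return sorted(hot, key=str)


def is_protected(net):
    """True if net lies inside any protected range of the same address family."""
    return any(net.subnet_of(p) for p in PROTECTED if p.version == net.version)


def blackhole_routes(nets):
    """Static form: Linux null-route commands for each host prefix.
    Returns (commands, skipped); skipped lists (prefix, reason) pairs for
    anything refused, rather than silently widening the outage."""
    commands, skipped = [], []
    for net in nets:
        if net.prefixlen != net.max_prefixlen:
            skipped.append((net, "not a host route"))
            continue
        if is_protected(net):
            skipped.append((net, "protected"))
            continue
        family = "-6" if net.version == 6 else "-4"
        commands.append(f"ip {family} route add blackhole {net}")
    return commands, skipped


def rtbh_announcements(nets):
    """Dynamic form: the BGP update a trigger router injects for each prefix.
    The next hop is the discard address every router already null-routes;
    NO_EXPORT keeps the announcement inside the operator's own network."""
    updates = []
    for net in nets:
        if net.prefixlen != net.max_prefixlen or is_protected(net):
            continue  # same refusal policy as the static form
        updates.append({
            "prefix": str(net),
            "next_hop": DISCARD_NEXT_HOP_V6 if net.version == 6 else DISCARD_NEXT_HOP_V4,
            "community": BLACKHOLE_COMMUNITY,
            "no_export": True,
        })
    return updates


# Constructed sample: a 10-second window of flow records.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", 250_000), Flow("203.0.113.7", 250_000),   # flooded victim
    Flow("203.0.113.7", 250_000), Flow("203.0.113.7", 250_000),
    Flow("203.0.113.9", 1_000),                                     # normal host
    Flow("198.51.100.53", 900_000),                                 # busy but protected
    Flow("2001:db8::1", 600_000),                                   # flooded IPv6 host
]


def run_sample():
    hot = hot_destinations(SAMPLE_FLOWS, window_seconds=10, pps_threshold=50_000)
    return blackhole_routes(hot), rtbh_announcements(hot)


if __name__ == "__main__":
    (cmds, skipped), updates = run_sample()
    print("\n".join(cmds))
    for net, why in skipped:
        print(f"# skipped {net}: {why}")
    for u in updates:
        print(f"announce {u['prefix']} next-hop {u['next_hop']} community {u['community']}")
```

Running the sample null-routes 203.0.113.7 and 2001:db8::1, leaves the quiet host alone, and reports the protected resolver as skipped instead of black-holing it; the same refusal policy applies to the BGP announcements, which is where an automated trigger does the most damage if it is wrong.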
Attacks it can mitigate
- Distributed Denial of Service (DDoS)
- Botnet Traffic
- Worm Traffic
- Network Scans