Infrastructure Layer
AttacksBlackhole Attack
The Blackhole Gremlin drops IP packets at the transport layer, targeted by supplied port and host arguments.
Linux
The Blackhole Gremlin uses existing traffic policing features in the Linux Kernel to drop targeted IP packets.
This Gremlin does not interact with iptables, and so it does not interfere with any existing iptables rulesets.
This Gremlin requires the NET_ADMIN capability, which is enabled for Gremlin by default at installation time. See capabilities(7)
Windows
The Blackhole Gremlin uses the Windows Filtering Platform to drop targeted IP packets.
Options
| Parameter | Flag | Required | Default | Version | Description |
|---|---|---|---|---|---|
| IP Addresses | -i IP address | False | 0.0.1 | Only impact traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24). | |
| Device | -d interface | False | Device discovery | 0.0.1 | Impact traffic over this network interface. |
| Hostnames | -h hostnames | False | ^api.gremlin.com | 0.0.1 | Only impact traffic to these hostnames. |
| Egress Ports | -p port numbers | False | ^53 | 0.0.1 | Only impact egress traffic to these destination ports. Also accepts port ranges (e.g. 8080-8085). |
| Ingress Ports | -n port numbers | False | 0.0.1 | Only impact ingress traffic to these destination ports. Also accepts port ranges (e.g. 8080-8085). | |
| Protocol | -P {TCP, UDP, ICMP} | False | all | 1.5.3 | Only impact a specific protocol. |
| Providers | WebUI and API Only | False | 0.0.1 | External service providers to affect. | |
| Tags | WebUI and API Only | False | 0.0.1 | Only impact traffic to hosts running Gremlin clients associated with these tags. | |
| Length | -l int | False | 60 | 0.0.1 | The length of the attack (seconds). |