Blackhole Attack

The Blackhole Gremlin drops IP packets at the transport layer, targeted by supplied port and host arguments.

Linux

The Blackhole Gremlin uses existing traffic policing features in the Linux kernel to drop targeted IP packets.

This Gremlin does not interact with iptables, and so it does not interfere with any existing iptables rulesets.

This Gremlin requires the NET_ADMIN capability, which is enabled for Gremlin by default at installation time. See capabilities(7).
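To audit which processes on a host actually hold NET_ADMIN, the capability sets in /proc/<pid>/status can be decoded directly. The following is an added example, not part of Gremlin's documentation or code; the sample status text and the function names are constructed for illustration, and the bit index 12 for CAP_NET_ADMIN comes from linux/capability.h.

```python
import os
import re

CAP_NET_ADMIN = 12  # bit index of CAP_NET_ADMIN in <linux/capability.h>

# Constructed sample of /proc/<pid>/status for a process holding only CAP_NET_ADMIN.
SAMPLE_STATUS = (
    "Name:\texample-agent\n"
    "Pid:\t4242\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000001000\n"
    "CapEff:\t0000000000001000\n"
    "CapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n"
)

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)
_NAME_LINE = re.compile(r"^Name:\s*(.+)$", re.M)

def parse_cap_sets(status_text):
    """Return the capability sets as integers, e.g. {'CapEff': 0x1000, ...}."""
    return {name: int(hexval, 16) for name, hexval in _CAP_LINE.findall(status_text)}

def has_cap(status_text, cap_bit=CAP_NET_ADMIN, cap_set="CapEff"):
    """True if cap_bit is set in the named capability set of this status text."""
    sets = parse_cap_sets(status_text)
    if cap_set not in sets:
        raise ValueError(f"{cap_set} not present in status text")
    return bool((sets[cap_set] >> cap_bit) & 1)

def processes_with_net_admin(proc_root="/proc"):
    """List (pid, name) for processes whose effective set includes CAP_NET_ADMIN."""
    found = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                text = fh.read()
            if has_cap(text):
                name = _NAME_LINE.search(text)
                found.append((int(entry), name.group(1) if name else "?"))
        except (OSError, ValueError):  # process exited, unreadable, or no Cap lines
            continue
    return found

if __name__ == "__main__":
    for pid, name in processes_with_net_admin():
        print(pid, name)
```

Processes running as root normally carry the full capability set, so they appear in the listing alongside any non-root process that was granted NET_ADMIN specifically.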

Windows

The Blackhole Gremlin uses the Windows Filtering Platform to drop targeted IP packets.

Options

| Parameter | Flag | Required | Default | Version | Description |
|---|---|---|---|---|---|
| IP Addresses | -i IP address | False | | 0.0.1 | Only impact traffic to these IP addresses. Also accepts CIDR values (e.g. 10.0.0.0/24). |
| Device | -d interface | False | Device discovery | 0.0.1 | Impact traffic over this network interface. |
| Hostnames | -h hostnames | False | ^api.gremlin.com | 0.0.1 | Only impact traffic to these hostnames. |
| Remote Ports | -p port numbers | False | ^53 | 0.0.1 | Only impact outgoing traffic to these remote ports. Also accepts port ranges (e.g. 8080-8085). |
| Local Ports | -n port numbers | False | | 0.0.1 | Only impact outgoing traffic from these local ports. Also accepts port ranges (e.g. 8080-8085). |
| Protocol | -P {TCP, UDP, ICMP} | False | all | 1.5.3 | Only impact a specific protocol. |
| Providers | WebUI and API Only | False | | 0.0.1 | External service providers to affect. |
| Tags | WebUI and API Only | False | | 0.0.1 | Only impact traffic to hosts running Gremlin clients associated with these tags. |
| Length | -l int | False | 60 | 0.0.1 | The length of the attack (seconds). |