Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A catch-all route (0.0.0.0/0 in IPv4) that forwards packets to a next hop when no specific routing-table entry matches the destination.
Default Route Definition: A catch-all route (0.0.0.0/0 in IPv4) that forwards packets to a next hop when no specific routing-table entry matches the destination.
A default route is a catch-all routing entry that tells a network device where to forward a packet when no more specific route matches the destination IP address. Written as 0.0.0.0/0 in IPv4 (or ::/0 in IPv6), it is the route of last resort, typically pointing to the gateway that leads toward the internet or upstream networks.
Routers and hosts perform longest-prefix-match lookups against the routing table. Because 0.0.0.0/0 is the least specific possible prefix, it only wins when no other entry matches, ensuring otherwise-unrouted traffic still has a next hop. The default route can be configured statically (for example, ip route 0.0.0.0 0.0.0.0 next-hop) or learned dynamically, such as a default-originate advertisement from an upstream router via OSPF or BGP.
From a security standpoint, the default route defines where all unknown traffic flows, making it a key control and a potential risk. A misconfigured or maliciously injected default route can silently divert an entire network's outbound traffic through an attacker-controlled device, enabling interception or exfiltration. Conversely, deliberately omitting or null-routing default traffic (a black hole) is a defensive technique to drop unwanted packets, and segmented networks often withhold a default route to contain hosts.
For example, a branch office router has specific routes for internal subnets and a single default route pointing to the corporate firewall. When a workstation requests an external website, no internal route matches, so the router follows 0.0.0.0/0 to the firewall, which inspects and forwards the traffic. If an attacker injected a rogue default route advertisement pointing elsewhere, that same browsing traffic could be rerouted through their system, which is why route advertisements should be authenticated and filtered.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →