Among Us, Impostors, and Bogon IP Addresses

What is a bogon IP address? An example
Let's start with a proverb, "Let bogon be bogon."

What in the world is a Bogon IP address?

Understanding Bogon IP Addresses through an Analogy

Imagine you're playing a game of "Among Us," where the goal is to identify the impostor among the crew members. In this scenario, legitimate crewmates resemble the assigned and recognized IP addresses that everyone can trust in a network. However, the impostor, who can disrupt and cause chaos, represents the bogon IP address.

Just as the impostor pretends to be a part of the crew to achieve its objectives, a bogon IP tries to pass off as a legitimate address, potentially bringing harmful effects to a network. Network filters act like vigilant crewmates who try to spot the impostor and keep them from causing harm.

Both impostors and bogon IP addresses can create significant issues if not identified and managed properly. In our networks, it is crucial to monitor and filter out these deceptive IP addresses, just as it is in the game to eject the impostor before it's too late.

A bogon IP address (not "bogone IP address") is an IP address that is not allocated to any entity by the Internet Assigned Numbers Authority (IANA) or the Regional Internet Registries (RIRs). These addresses are typically used by malicious actors to intrude on networks without being traced. Bogon space refers to the unassigned or reserved IP address blocks. Networks may also filter bogon IP addresses to prevent these types of attacks.

What is a Bogon packet in computer networks?

A bogon packet is a data packet that comes from a bogon IP address. These packets are typically unwanted or potentially harmful because they originate from unallocated IP address space. Network administrators often set up filters to block bogon packets, helping to mitigate network security risks and prevent illegitimate access attempts. Bogon lists for IPv4 and IPv6 are listed separately. Bogon IP addresses (IPv4/IPv6) are mainly decided by the Internet Assigned Numbers Authority (IANA) and some other internet registries.

List of Bogon IPv4 Address Ranges

  • 0.0.0.0/8: "This network"
  • 10.0.0.0/8: Private network
  • 100.64.0.0/10: Shared address space
  • 127.0.0.0/8: Loopback
  • 169.254.0.0/16: Link local
  • 172.16.0.0/12: Private network
  • 192.0.2.0/24: TEST-NET-1
  • 192.168.0.0/16: Private network
  • 198.18.0.0/15: Network benchmark tests
  • 198.51.100.0/24: TEST-NET-2
  • 203.0.113.0/24: TEST-NET-3
  • 224.0.0.0/4: Multicast
  • 240.0.0.0/4: Reserved for future use

List of Bogon IPv6 Address Ranges

  • ::1/128: Loopback
  • ::/128: Unspecified Address
  • ::ffff:0:0/96: IPv4-mapped IPv6 addresses
  • 64:ff9b::/96: IPv4-IPv6 translation
  • 100::/64: Discard-Only Address Block
  • 2001:2::/48: Benchmarking
  • 2001:db8::/32: Documentation
  • 2001:10::/28: ORCHID
  • 2002::/16: 6to4
  • fc00::/7: Unique-Local Addresses
  • fe80::/10: Link-Local Unicast

The Malicious Use of Bogon IP Addresses

Historically, bogon IP addresses have been wielded by cybercriminals to carry out a variety of illicit activities. One notable instance is their use in Distributed Denial of Service (DDoS) attacks, where attackers harness these unassigned IP addresses to overwhelm a target system with excessive traffic, causing disruption and potential downtime.

Another example includes email spamming operations. By sending spam from bogon IP spaces, malicious actors can evade detection and blacklisting, exploiting the anonymity provided by these unallocated regions of the IP spectrum.

In 2001, a series of attacks on the root DNS servers utilized bogon addresses, highlighting the critical role of monitoring and filtering unrouted addresses to protect network infrastructure.

How to Defend Against Bogon IP Addresses

  • Implement Bogon Filtering on Network Devices
  • Use Regular Updates of Bogon Lists
  • Monitor Network Traffic for Suspicious Activity
  • Utilize Firewalls to Block Bogon Addresses
  • Collaborate with Internet Service Providers for Improved Security
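
As an added illustration of the filtering and monitoring steps above (not code from this blog), the Python example below matches source addresses from log lines against the IPv4 and IPv6 ranges listed earlier on this page and reports which range each one falls in. The `src=<address>` log format and the sample lines are constructed for the example, and the embedded ranges are a static copy of this page's lists.

```python
import ipaddress
import re

# Ranges and labels copied from the IPv4 and IPv6 lists on this page.
BOGON_TEXT = """
0.0.0.0/8 This network; 10.0.0.0/8 Private network; 100.64.0.0/10 Shared address space
127.0.0.0/8 Loopback; 169.254.0.0/16 Link local; 172.16.0.0/12 Private network
192.0.2.0/24 TEST-NET-1; 192.168.0.0/16 Private network; 198.18.0.0/15 Network benchmark tests
198.51.100.0/24 TEST-NET-2; 203.0.113.0/24 TEST-NET-3; 224.0.0.0/4 Multicast
240.0.0.0/4 Reserved for future use; ::1/128 Loopback; ::/128 Unspecified Address
::ffff:0:0/96 IPv4-mapped IPv6 addresses; 64:ff9b::/96 IPv4-IPv6 translation
100::/64 Discard-Only Address Block; 2001:2::/48 Benchmarking; 2001:db8::/32 Documentation
2001:10::/28 ORCHID; 2002::/16 6to4; fc00::/7 Unique-Local Addresses; fe80::/10 Link-Local Unicast
"""
BOGONS = []  # (network object, CIDR text as listed, label)
for entry in filter(str.strip, re.split(r"[;\n]", BOGON_TEXT)):
    cidr, label = entry.split(None, 1)
    BOGONS.append((ipaddress.ip_network(cidr), cidr, label.strip()))

def classify(addr):
    """Return (cidr, label) of the most specific listed range holding addr, else None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    hits = [b for b in BOGONS if b[0].version == ip.version and ip in b[0]]
    return max(hits, key=lambda b: b[0].prefixlen)[1:] if hits else None

# Constructed sample log lines (hypothetical format: "... src=<address> ...").
SAMPLE_LOG = [
    "2024-05-01T12:00:01Z ACCEPT src=8.8.8.8 dport=53",
    "2024-05-01T12:00:02Z ACCEPT src=10.1.2.3 dport=443",
    "2024-05-01T12:00:03Z ACCEPT src=::ffff:192.168.0.5 dport=22",
    "2024-05-01T12:00:04Z ACCEPT src=198.19.0.9 dport=80",
    "2024-05-01T12:00:05Z ACCEPT src=999.1.1.1 dport=80",
]

def scan(lines):
    """Return (line_no, src, cidr, label) for each bogon or unparseable source."""
    findings = []
    for n, line in enumerate(lines, 1):
        for src in re.findall(r"\bsrc=(\S+)", line):
            try:
                hit = classify(src)
            except ValueError:  # corrupted field: surface it instead of dropping it
                hit = ("n/a", "unparseable source")
            if hit:
                findings.append((n, src) + hit)
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Private and link-local sources are normal on internal interfaces, so a check like this belongs on traffic arriving from the Internet side. The embedded ranges also need refreshing over time, as the bullet on regular list updates says.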