Bogon filtering

Short description: Discarding network packets with bogus addressing

Bogon filtering is the practice of filtering bogons, which are bogus (fake) IP addresses of a computer network. Bogons include IP packets on the public Internet that contain addresses that are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and allowed for public Internet use. The areas of unallocated address space are called the bogon space.

Bogons also include some address ranges from allocated space, also known as Martian packets, mainly when they are being used as a source address. Addresses reserved for private networks (RFC 1918, RFC 4193), such as those in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fc00::/7, loopback interfaces like 127.0.0.0/8 and ::1, and link-local addresses like 169.254.0.0/16 and fe80::/64 are part of it. Addresses for Carrier-grade NAT, Teredo, and 6to4, as well as documentation prefixes, also fall into this category.[1]

Many ISPs and end-user firewalls filter and block bogons, because they have no legitimate use, and usually are the result of accidental misconfiguration or malicious intent. Bogons can be filtered by using router access-control lists (ACLs), or by BGP blackholing.

IP addresses that are currently in the bogon space may not be bogons at a later date because IANA and other registries frequently assign new address space to ISPs. Announcements of new assignments are often published on network operators' mailing lists (such as NANOG) to ensure that operators have a chance to remove bogon filtering for addresses that have become legitimate. For example, addresses in 49.0.0.0/8 were not allocated prior to August 2010, but are now used by APNIC.[2] As of November 2011, the Internet Engineering Task Force (IETF) recommends that, since there are no longer any unallocated IPv4 /8s, IPv4 bogon filters based on registration status should be removed (RFC 6441). However, bogon filters still need to check for Martian packets.
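An added example (not part of the original article): a Python check of packet source addresses against the Martian ranges described above, which also judges an IPv4-mapped IPv6 address by its embedded IPv4 address. The CGN, Teredo, 6to4 and documentation prefixes are assumptions filled in from their RFCs, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Private, loopback and link-local prefixes are the ones the article lists.
# CGN, Teredo, 6to4 and documentation prefixes are assumptions taken from
# their RFCs (the article names only the categories).
MARTIANS = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/64"],
    "cgn": ["100.64.0.0/10"],
    "teredo": ["2001::/32"],
    "6to4": ["2002::/16"],
    "documentation": ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
                      "2001:db8::/32"],
}
NETS = [(ipaddress.ip_network(p), cat)
        for cat, prefixes in MARTIANS.items() for p in prefixes]

def martian_category(addr):
    """Return the Martian category of a source address, or None."""
    ip = ipaddress.ip_address(addr)
    # Judge an IPv4-mapped IPv6 address (::ffff:a.b.c.d) by its embedded
    # IPv4 address, so a private source is still caught in mapped form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net, cat in NETS:
        if ip.version == net.version and ip in net:
            return cat
    return None

def filter_sources(sources):
    """Split sources seen on an external interface into (accepted, dropped)."""
    accepted, dropped = [], []
    for src in sources:
        try:
            cat = martian_category(src)
        except ValueError:
            cat = "unparseable"  # malformed address: drop rather than guess
        if cat is None:
            accepted.append(src)
        else:
            dropped.append((src, cat))
    return accepted, dropped

# Constructed sample input; 49.0.0.1 sits in the 49.0.0.0/8 block that the
# article notes is now allocated, so it must not be filtered.
SAMPLE = ["49.0.0.1", "10.1.2.3", "::ffff:192.168.1.5", "100.64.0.9",
          "2001:db8::1", "fe80::1", "not-an-ip"]
```

The table is a static snapshot, so it covers only the Martian categories; it deliberately carries no "unallocated" entries of the kind that went stale for 49.0.0.0/8.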

Etymology

The term bogon stems from hacker jargon, with the earliest appearance in the Jargon File in version 1.5.0 (dated 1983).[3] It is defined as the quantum of bogosity, or the property of being bogus. A bogon packet is frequently bogus both in the conventional sense of being forged for illegitimate purposes, and in the hackish sense of being incorrect, absurd, and useless.

These unused IP addresses are collectively known as a bogon, a portmanteau of "bogus logon", or a logon from a place you know no one can actually log on from.[4]
