What are the types of Bogon Addresses?
Bogon addresses are divided into two main categories: Unallocated addresses and reserved addresses. Each type has a distinct purpose and set of restrictions, which helps network administrators decide how to handle them.
Let’s see their differences!
Unallocated Addresses
Unallocated addresses are IP ranges that have not been assigned by IANA for any public or private use. They are "in limbo" IP ranges waiting for potential assignment to new internet service providers (ISPs) or organizations as demand for IP addresses grows. And because these addresses are unallocated, they should not appear in legitimate internet traffic. When they do, it often signals a misconfiguration or potentially malicious activity.
An example:
- An IP address in the range of 100.0.0.0 to 100.63.255.255 was once unallocated and considered a bogon range. However, in 2012, IANA assigned this range for use in Carrier-Grade NAT (CGNAT) by ISPs to manage their customer networks. Unallocated addresses like this can later become valid as the global IP space evolves, emphasizing the need for constant updates to bogon filters.
Reserved Addresses
Reserved addresses include specific IP ranges that have been set aside for special purposes. These addresses are never meant to be routed over the public internet and are reserved for specific types of networking scenarios.
They are:
Private IP Addresses
These addresses are reserved for private network use and include ranges like 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. These addresses are common in homes, businesses, and other internal networks.
Loopback Addresses
The loopback address (127.0.0.1, for example) is used to test network configurations within a single machine. Loopback addresses allow devices to send data back to themselves without actual network transmission.
Link-Local Addresses
Link-local addresses, such as 169.254.0.0 to 169.254.255.255, are used by devices to communicate within a local network segment when there’s no DHCP server.
Why are Bogon Addresses Important?
Bogon addresses are critical in both network security and operational efficiency. Their detection and filtering play a vital role in maintaining a secure and well-functioning internet.
These are two key areas where they play an essential role:
Network Security
In the field of cybersecurity, bogon IP addresses are often used for illicit purposes. Hackers may "spoof" these addresses—pretending their traffic originates from a bogon range—making it challenging to track the real source of their activities.
A prominent example is Distributed Denial of Service (DDoS) attacks. In them, malicious actors may use bogon addresses to overwhelm a target network, effectively disguising their real IP addresses and making it difficult to counteract the attack.
Network Operations
Internet Service Providers (ISPs) and large-scale network operators rely on bogon filtering to prevent routing issues and optimize network performance. Filtering bogon traffic helps them avoid unnecessary congestion from invalid IP addresses, preventing accidental rerouting or "leaks" in IP address allocations. In this case, if a router accidentally tries to direct traffic to a bogon IP, it can lead to connectivity issues and service disruptions.
How Does Bogon IP Filtering Work?
To protect networks from bogon traffic, network administrators use a process known as bogon filtering. This filtering involves multiple methods to identify and block traffic originating from bogon IP addresses.
Check the options below!
Automated Filtering Tools
Many network security tools have built-in features to recognize and block bogon addresses. These tools rely on regularly updated bogon lists to detect potentially suspicious traffic.
For example, the non-profit organization Team Cymru maintains one of the most popular bogon lists, which monitors unallocated IP ranges in real time. Numerous ISPs and network operators rely on these lists to set their bogon filtering rules.
Regular List Updates
Since IP addresses are regularly reassigned or newly allocated, network operators must update bogon lists frequently. Without the regular updates, IP ranges that were once unassigned but are now legitimate could still be flagged as bogons, leading to unintended blocking of valid traffic. ISPs usually automate these updates to ensure their bogon filters remain accurate.
Firewall Configurations
Firewalls can be configured to block traffic from specific bogon IP ranges. By setting firewall rules that recognize bogon addresses, network administrators can create a layer of security that helps filter out suspicious traffic at the network’s edge.
Common Misconceptions About Bogon Addresses
Due to the complexities of IP address management, bogon addresses are frequently misunderstood. Here are some common misconceptions about bogon IPs:
Confusion with Misconfigured Addresses
Some users mistakenly believe that all traffic from a misconfigured IP address is bogon traffic.
But a misconfigured IP might stem from a legitimate address that is wrongly set up, while a bogon IP refers specifically to unallocated or reserved IP ranges.
Obsolete Bogon Ranges
Over time, some IP ranges that were once classified as bogon addresses can become legitimate as they are allocated for use by IANA.For example, the exhaustion of IPv4 addresses has required the reallocation of previously unassigned addresses. To prevent accidentally blocking legitimate traffic, network operators must differentiate between outdated bogon IPs and those that remain unassigned.
Conclusion
Bogon addresses, although they are not intended for visibility on the public internet, they play a crucial role in maintaining both network security and operational efficiency. Their presence in network traffic serves as a warning sign, often indicating misconfigurations or potential security threats that could compromise network integrity. As cyberattacks become increasingly sophisticated, the importance of effective bogon filtering cannot be overstated.
By actively monitoring, filtering, and regularly updating bogon lists, network administrators can significantly improve the security posture of their networks. Implementing proper bogon filtering ensures that only legitimate IP traffic is allowed to pass through, which minimizes vulnerabilities and helps safeguard sensitive data from unauthorized access.
Moreover, maintaining an up-to-date understanding of bogon addresses contributes to the overall health and performance of the internet infrastructure. This proactive approach ensures smooth and reliable network operations, ultimately fostering a safer online environment for all users.