Bogon IP addresses (IPV4 & IPV6)

What is a bogon?

A bogon refers to an Internet Protocol (IP) address that is not legitimately recognized, as it has not been officially allocated to any organization by an Internet registration authority like the Internet Assigned Numbers Authority (IANA). 

The emergence of bogons is typically due to incorrect configurations or deliberate misuse, creating ambiguity about the true origin of the IP address. The term 'bogon' itself is derived from the slang word 'bogus,' indicating its illegitimate nature.

What is a bogon address?

Bogon IP addresses are those not allocated to any organization by authorities such as the IANA or Regional Internet Registries (RIRs). These unassigned IPs form what is known as the 'bogus space.' Additionally, bogons encompass certain reserved private addresses and link-local address ranges, often referred to as 'Martian Packets.' Over time, IANA or an RIR might allocate these bogon IP addresses, changing their status.

It’s important to note that Bogon and Martian addresses are not the same thing. Bogon addresses include unallocated IP address spaces, while Martian addresses are reserved IPs for special-use purposes and are not meant to be routable on the public internet. Martian addresses cover ranges like loopback addresses and private IPv4 address spaces such as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.  

As bogon IP addresses do not correspond to any specific internet user or server, they cannot be geolocated. As a result, geolocation applications typically do not return location data for bogon range IPs but may indicate their bogon status.

How does a bogon work?

In the realm of internet infrastructure, IP addresses serve as unique identifiers for entities like websites or servers. These addresses are allocated by IANA or other regional internet registries and are vital for communication between different network points.

The collection of officially registered IP addresses constitutes the reserved space. An IP address is identified as a bogon when it doesn't belong to this reserved space or is part of the unassigned 'bogon space.'

An IP address's classification as a bogon can be temporary. With the dynamic nature of the IANA registry continually updating and assigning new IP spaces, what is considered a bogon today may become a legitimate address in the future. For instance, the address range in 49.0.0.0/8 was unallocated before August 2010 but is now assigned by APNIC (Asia Pacific Network Information Centre), the RIR for the Asia-Pacific region. 

Updates on new assignments are frequently shared on network operators' mailing lists like NANOG to inform them about the legitimacy of previously bogon IP addresses.

Risks & Prevention of bogons

Bogons, typically invisible over a network, are susceptible to misuse. Cybercriminals, such as hackers or spammers, often exploit bogons, particularly in distributed denial-of-service (DDoS) attacks, since bogon packets cannot be traced back to a real source. 

Additionally, these packets can be used to conduct TCP SYN scanning attacks or to transmit harmful data stealthily. Although routers are designed to avoid bogons in routing tables, they generally only scrutinize the destination IP address, not the source, leading to the forwarding of bogon packets.

To mitigate the risks posed by bogons, many internet service providers (ISPs) employ bogon filtering. This process involves setting up access control lists or Border Gateway Protocol (BGP) blocklists on devices. Lists of current bogons are accessible through various channels, including routing registries, the Hypertext Transfer Protocol, domain name systems, and BGP peering.

When a bogon becomes a legitimate address, it is often announced on network operators' mailing lists. This enables organizations to update their filters accordingly. Additionally, software tools that dynamically manage the blocking and unblocking of bogons on network devices are available and can be a useful resource for organizations seeking to enhance their network security.

IPv4 Bogon Ranges

The Internet Protocol version 4 (IPv4) serves as a protocol designed for packet-switched networks at the Link Layer level, such as Ethernet.

0.0.0.0/8 "This" network
10.0.0.0/8 Private-use networks
100.64.0.0/10 Carrier-grade NAT
127.0.0.0/8 Loopback
127.0.53.53 Name collision occurrence
169.254.0.0/16 Link local
172.16.0.0/12 Private-use networks
192.0.0.0/24 IETF protocol assignments
192.0.2.0/24 TEST-NET-1
192.168.0.0/16 Private-use networks
198.18.0.0/15 Network interconnect device benchmark testing
198.51.100.0/24 TEST-NET-2
203.0.113.0/24 TEST-NET-3
224.0.0.0/4 Multicast
240.0.0.0/4 Reserved for future use
255.255.255.255/32 Limited broadcast

IPv6 Bogon Ranges

According to Linksys, the main difference between IPv4 and IPv6 is the appearance of the IP addresses: 

  • IPv4 uses four 1-byte decimal numbers, separated by a dot. For example, 192.168.1.1 
  • IPv6 uses hexadecimal numbers that are separated by colons. For example, fe80::d4a8:6435:d2d8:d9f3b11
::/128 Node-scope unicast unspecified address
::1/128 Node-scope unicast loopback address
::ffff:0:0/96 IPv4-mapped addresses
::/96 IPv4-compatible addresses
100::/64 Remotely triggered black hole addresses
2001:10::/28 Overlay routable cryptographic hash identifiers (ORCHID)
2001:db8::/32 Documentation prefix
fc00::/7 Unique local addresses (ULA)
fe80::/10 Link-local unicast
fec0::/10 Site-local unicast (deprecated)
ff00::/8 Multicast

Additional Bogon Ranges

These ranges do not officially constitute IPv6 bogon ranges; instead, they represent IPv6 versions of various IPv4 bogon ranges.

2002::/24 6to4 bogon (0.0.0.0/8)
2002:a00::/24 6to4 bogon (10.0.0.0/8)
2002:7f00::/24 6to4 bogon (127.0.0.0/8)
2002:a9fe::/32 6to4 bogon (169.254.0.0/16)
2002:ac10::/28 6to4 bogon (172.16.0.0/12)
2002:c000::/40 6to4 bogon (192.0.0.0/24)
2002:c000:200::/40 6to4 bogon (192.0.2.0/24)
2002:c0a8::/32 6to4 bogon (192.168.0.0/16)
2002:c612::/31 6to4 bogon (198.18.0.0/15)
2002:c633:6400::/40 6to4 bogon (198.51.100.0/24)
2002:cb00:7100::/40 6to4 bogon (203.0.113.0/24)
2002:e000::/20 6to4 bogon (224.0.0.0/4)
2002:f000::/20 6to4 bogon (240.0.0.0/4)
2002:ffff:ffff::/48 6to4 bogon (255.255.255.255/32)
2001::/40 Teredo bogon (0.0.0.0/8)
2001:0:a00::/40 Teredo bogon (10.0.0.0/8)
2001:0:7f00::/40 Teredo bogon (127.0.0.0/8)
2001:0:a9fe::/48 Teredo bogon (169.254.0.0/16)
2001:0:ac10::/44 Teredo bogon (172.16.0.0/12)
2001:0:c000::/56 Teredo bogon (192.0.0.0/24)
2001:0:c000:200::/56 Teredo bogon (192.0.2.0/24)
2001:0:c0a8::/48 Teredo bogon (192.168.0.0/16)
2001:0:c612::/47 Teredo bogon (198.18.0.0/15)
2001:0:c633:6400::/56 Teredo bogon (198.51.100.0/24)
2001:0:cb00:7100::/56 Teredo bogon (203.0.113.0/24)
2001:0:e000::/36 Teredo bogon (224.0.0.0/4)
2001:0:f000::/36 Teredo bogon (240.0.0.0/4)
2001:0:ffff:ffff::/64 Teredo bogon (255.255.255.255/32)

16th January 2024

"Hands down one of the best marketing tools you are not using"

Chad T. - Web & Digital Media Director

Get started in minutes
No credit card required
Free on-boarding support
Your Privacy

We uses cookies to improve your experience on our site, analyse site traffic and to show you relevant content. By using our website, you consent to our use of cookies. For more information please, see our Privacy Policy

ACCEPT ALL
ACCEPT NECESSARY
REJECT ALL