What is a bogon?
A bogon is an illegitimate Internet Protocol address that falls into a set of IP addresses that have not been officially assigned to an entity by an internet registration institute, such as the Internet Assigned Numbers Authority (IANA). Bogons arise as a result of misconfiguration or intentional misuse that misleads recipients about a packet's source IP address. The term bogon is slang and derives from the word bogus.
How does a bogon work?
Internet infrastructure uses IP addresses to uniquely identify an entity, such as a website or server. IANA or a regional internet registry allocates an IP address to each instance on a network. Once assigned, these addresses are used for communication between two endpoints.
The range of registered IP addresses is known as the reserved space. A bogon occurs when an IP address does not fall into this registered range or is part of the address space known as the bogon space.
Some IP addresses might only be considered a bogon temporarily, as the IANA registry constantly updates and assigns new address spaces. Private IP addresses can fall under the bogon description because they can't be found on the public internet.
Risks associated with bogons
Bogons are not normally visible over a network, but are still prime targets for exploitation. For example, hackers or spammers commonly use bogons when initiating a distributed denial-of-service attack because bogon packets can't be traced back to an actual host or source.
In addition, bogons can be used to launch Transmission Control Protocol SYN scanning attacks and to secretly transfer malicious information. While bogons should never appear in the routing table, routers will not detect bogons because routers only examine the destination IP address rather than the source IP address.
Prevention of bogons
Many internet service providers, firewalls and intrusion prevention systems block bogons through bogon filtering, or the practice of assigning access control lists or Border Gateway Protocol (BGP) blocklists to a device. A list of bogons can be obtained from a variety of sources, including Hypertext Transfer Protocol, BGP peering, routing registries and the domain name system.
If a bogon becomes legitimate, it can usually be found on the network operator's mailing lists so that the address can be removed from filters. Organizations might want to consider a software tool that dynamically blocks and unblocks bogons on devices.
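The following added example (not from the original article) sketches bogon filtering on the source address and the removal of a prefix once it becomes legitimate. The prefix list, the packet records and all function names are constructed for illustration; 198.51.100.0/24 stands in for a prefix that is unallocated today and assigned later.

```python
import ipaddress

# Constructed bogon list, one prefix per line, as such lists are often published.
# 198.51.100.0/24 stands in for a currently unallocated prefix (assumption).
SAMPLE_BOGON_LIST = """\
# constructed sample, not a complete list
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
198.51.100.0/24
240.0.0.0/4
"""

# Constructed (source IP, destination IP) records from an internet-facing interface.
SAMPLE_PACKETS = [
    ("10.1.2.3", "192.0.2.10"),
    ("198.51.100.77", "192.0.2.10"),
    ("8.8.8.8", "192.0.2.10"),
    ("not-an-ip", "192.0.2.10"),
]

def parse_bogon_list(text):
    """Return the set of networks in the list, skipping comments and blanks."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.add(ipaddress.ip_network(line, strict=True))
    return nets

def is_bogon(source_ip, bogons):
    """True if the source address falls inside any listed prefix."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return True  # unparseable source address: treat as bogus
    return any(addr in net for net in bogons)

def filter_ingress(packets, bogons):
    """Split packets into (accepted, dropped) by checking the SOURCE address."""
    accepted = [p for p in packets if not is_bogon(p[0], bogons)]
    dropped = [p for p in packets if is_bogon(p[0], bogons)]
    return accepted, dropped

def unlist(bogons, prefix):
    """Return a new filter set without a prefix that has become legitimate."""
    return bogons - {ipaddress.ip_network(prefix)}
```

With the sample list, only the packet from 8.8.8.8 is accepted; after `unlist(bogons, "198.51.100.0/24")`, traffic from 198.51.100.77 passes while the private 10.0.0.0/8 source is still dropped.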
Editor's note: This article was updated in February 2023 to improve the reader experience.