What is a bogon?

How does a bogon work?

Internet infrastructure uses IP addresses to identify a unique entity, such as a website or server. IANA or another regional internet registry allocates each instance over a network and IP address. Once assigned, these addresses then perform communication between two endpoints.

The range of registered IP addresses is known as the reserved space. A bogon occurs when an IP address doesn't fall into this registered range or is part of the address space known as the bogon space.

Some IP addresses are only temporary bogons. The IANA registry constantly updates and assigns new address spaces. Private IP addresses fall within the bogon description because they can't be found on the public internet.

Risks associated with bogons

Usually, bogons aren't visible over a network but are still prime targets for exploitation. For example, hackers or spammers use bogons when initiating a distributed denial-of-service attack because it's impossible to trace bogon packets back to a host or source.

In addition, bogons can launch Transmission Control Protocol SYN scanning attacks and secretly transfer malicious information. Bogons should never appear in the routing table. However, routers don't detect bogons because routers examine only the destination IP address rather than the source IP address.

Prevention of bogons

Many internet service providers, firewalls and intrusion prevention systems block bogons through bogon filtering. This is the practice of assigning access control lists or Border Gateway Protocol (BGP) blocklists to a device. Various sources have a list of bogons, including HTTP, BGP peering, routing registries and the domain name system.

If a bogon becomes legitimate, it's usually on the network operator's mailing lists so it can remove the address from filters. Organizations should consider using a software tool that dynamically blocks and unblocks bogons on devices.