Movatterモバイル変換

Bogon filtering

From Wikipedia, the free encyclopedia

Discarding network packets with bogus addressing

Bogon filtering is the practice of blockingpackets known asbogons, which are ones sent to acomputer network claiming to originate from invalid or bogusIP addresses, known asbogon addresses.^[1]

Etymology

[edit]

The termbogon stems fromhacker jargon, with the earliest appearance in theJargon File in version 1.5.0 (dated 1983).^[2] It is defined as thequantum ofbogosity, or the property of being bogus. A bogon packet is frequently bogus both in the conventional sense of being forged for illegitimate purposes, and in thehackish sense of being incorrect, absurd, and useless.^{[citation needed]} An alternative etymology suggests that 'bogon' derives from a portmanteau of "bogus logon", or a logon from a place you know no one can actually logon.^[3]

Types of bogon addresses

[edit]

Areas of unallocated address space are called thebogon space. These are that are not in any range allocated theInternet Assigned Numbers Authority (IANA) or aregional Internet registry (RIR) for public internet use.

Bogon IPs also include some address ranges from allocated space. For example, addresses reserved forprivate networks^[4]^[5], such as those in10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 andfc00::/7,^[5]loopback interfaces like127.0.0.0/8 and::1, andlink-local addresses like169.254.0.0/16 andfe80::/64 can be bogon addresses. Addresses forCarrier-grade NAT,Teredo, and6to4 and documentation prefixes also fall into this category.^[6] IP packets using these as source addresses are sometimes known asMartian packets.

Blocking and filtering

[edit]

ManyISPs and end-userfirewalls filter and block bogons, because they have no legitimate use, and usually are the result of accidental misconfiguration or malicious intent. Bogons can be filtered by usingrouter access-control lists (ACLs), or byBGP blackholing.

Former bogon addresses

[edit]

IP addresses in the bogon space may cease to be bogons because IANA frequently assigns new address. Announcements of new assignments are often published onnetwork operators'mailing lists (such asNANOG) to ensure that bogon filtering can be removed for addresses that have become legitimate. For example, addresses in49.0.0.0/8 were not allocated prior to August 2010, but are now used byAPNIC.^[7]

As of November 2011^[update], theInternet Engineering Task Force (IETF) recommends that,since there are no longer any unallocated IPv4/8s, IPv4 bogon filters based on registration status should be removed.^[8]However, bogon filters still need to check for Martian packets.

References

[edit]

^"What is a bogon address?".APNIC. Retrieved1 November 2024.
^Guy L. Steele Jr.; Donald R. Woods; Raphael A. Finkel; Mark R. Crispin; Richard M. Stallman; Geoffrey S. Goodfellow (1983)."The Hacker's Dictionary: A Guide to the World of Computer Wizards".Jargon File Text Archive : A large collection of historical versions of the Jargon File. Archived fromthe original on November 8, 2020. Retrieved28 May 2021.
^"Ian McAnerin and Mike Churchill - 2005".McAnerin Networks Inc. Archived fromthe original on 2007-04-14. Retrieved16 May 2020.
^Y. Rekhter; B. Moskowitz; D. Karrenberg; G. J. de Groot; E. Lear (February 1996).Address Allocation for Private Internets. Network Working Group.doi:10.17487/RFC1918. BCP 5. RFC 1918.Best Current Practice 5. ObsoletesRFC 1627 and1597. Updated byRFC 6761.
^^a ^bR. Hinden; B. Haberman (October 2005).Unique Local IPv6 Unicast Addresses. Network Working Group.doi:10.17487/RFC4193.RFC 4193.Proposed Standard.
^"Bogon IP addresses". ipgeolocation. Retrieved27 Jan 2022.
^"IANA IPv4 Address Space Registry".IANA. 2010-02-22.Archived from the original on 2010-04-30. Retrieved2010-03-18.
^L. Vegoda (November 2011).Time to Remove Filters for Previously Unallocated IPv4 /8s.Internet Engineering Task Force.doi:10.17487/RFC6441.ISSN 2070-1721. BCP 171. RFC 6441.Best Current Practice.