Bogon networks

From Free Knowledge Base- The DUCK Project: information for everyone

A bogon network is a range of IP addresses known as bogon addresses: those defined as Martians (the private and reserved address ranges of RFC 1918, RFC 5735 and RFC 6598) and netblocks that the Internet Assigned Numbers Authority (IANA) has not allocated to any regional internet registry (RIR).

Bogon IP addresses can, not entirely accurately, be thought of as fake IP addresses. Bogon space is address space that neither IANA nor an RIR has assigned to any entity: it may be as yet unallocated, or it may be reserved for a special purpose such as private networking. Addresses in the IPv4 Private Address Space, such as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, are considered bogon. Local machine loopback addresses in 127.0.0.0/8 and link-local addresses in 169.254.0.0/16 are also bogon.

Bogon IP Address Ranges

IPv4 Bogon Ranges

0.0.0.0/8		"This" network
10.0.0.0/8		Private-use networks
100.64.0.0/10		Carrier-grade NAT
127.0.0.0/8		Loopback
127.0.53.53		Name collision occurrence
169.254.0.0/16		Link local
172.16.0.0/12		Private-use networks
192.0.0.0/24		IETF protocol assignments
192.0.2.0/24		TEST-NET-1
192.168.0.0/16		Private-use networks
198.18.0.0/15		Network interconnect device benchmark testing
198.51.100.0/24		TEST-NET-2
203.0.113.0/24		TEST-NET-3
224.0.0.0/4		Multicast
240.0.0.0/4		Reserved for future use
255.255.255.255/32	Limited broadcast

IPv6 Bogon Ranges

::/128			Node-scope unicast unspecified address
::1/128			Node-scope unicast loopback address
::ffff:0:0/96		IPv4-mapped addresses
::/96			IPv4-compatible addresses
100::/64		Remotely triggered black hole addresses
2001:10::/28		Overlay routable cryptographic hash identifiers (ORCHID)
2001:db8::/32		Documentation prefix
fc00::/7		Unique local addresses (ULA)
fe80::/10		Link-local unicast
fec0::/10		Site-local unicast (deprecated)
ff00::/8		Multicast (Note: ff0e::/16 is global scope and may appear on the global internet.)

IPv6 Additional Bogon Ranges

2002::/24		6to4 bogon (0.0.0.0/8)
2002:a00::/24		6to4 bogon (10.0.0.0/8)
2002:7f00::/24		6to4 bogon (127.0.0.0/8)
2002:a9fe::/32		6to4 bogon (169.254.0.0/16)
2002:ac10::/28		6to4 bogon (172.16.0.0/12)
2002:c000::/40		6to4 bogon (192.0.0.0/24)
2002:c000:200::/40	6to4 bogon (192.0.2.0/24)
2002:c0a8::/32		6to4 bogon (192.168.0.0/16)
2002:c612::/31		6to4 bogon (198.18.0.0/15)
2002:c633:6400::/40	6to4 bogon (198.51.100.0/24)
2002:cb00:7100::/40	6to4 bogon (203.0.113.0/24)
2002:e000::/20		6to4 bogon (224.0.0.0/4)
2002:f000::/20		6to4 bogon (240.0.0.0/4)
2002:ffff:ffff::/48	6to4 bogon (255.255.255.255/32)
2001::/40		Teredo bogon (0.0.0.0/8)
2001:0:a00::/40		Teredo bogon (10.0.0.0/8)
2001:0:7f00::/40	Teredo bogon (127.0.0.0/8)
2001:0:a9fe::/48	Teredo bogon (169.254.0.0/16)
2001:0:ac10::/44	Teredo bogon (172.16.0.0/12)
2001:0:c000::/56	Teredo bogon (192.0.0.0/24)
2001:0:c000:200::/56	Teredo bogon (192.0.2.0/24)
2001:0:c0a8::/48	Teredo bogon (192.168.0.0/16)
2001:0:c612::/47	Teredo bogon (198.18.0.0/15)
2001:0:c633:6400::/56	Teredo bogon (198.51.100.0/24)
2001:0:cb00:7100::/56	Teredo bogon (203.0.113.0/24)
2001:0:e000::/36	Teredo bogon (224.0.0.0/4)
2001:0:f000::/36	Teredo bogon (240.0.0.0/4)
2001:0:ffff:ffff::/64	Teredo bogon (255.255.255.255/32)

Blocking Bogon Networks for Security

Many appliance firewalls come preconfigured with rules to block bogon networks, typically presented as two options:

  • Block private networks: blocks the 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 subnets.
  • Block bogon networks: blocks any unallocated IP subnets (the bogon list is typically retrieved monthly).

Never enable bogon blocking on the LAN or WLAN interface, or you will no longer have access: the private ranges your own clients use are themselves bogon!

No bogon prefix should ever appear in an Internet routing table, and a packet routed over the Internet, other than one carried inside a VPN tunnel, should never have a bogon address or belong to a bogon network range. The security threat is that bogon IPs are frequently used as (spoofed) source addresses in DDoS attacks, and in other attacks where no completed TCP connection is required.

A variety of attacks against networks and Internet infrastructure involve bogon addresses. Blocking outbound bogon network traffic, and certain types of DNS resolution that return bogon addresses, is also necessary for security: bogon addresses may appear in DNS results when someone is using DNS tunneling to exfiltrate data from a private network. This type of activity is easy to identify in router or firewall logs and should be blocked.
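The ranges in the tables above and the log check described in this section, as an added worked example in Python (not code from this wiki or from any firewall product): it builds a longest-prefix bogon classifier from the page's IPv4 and IPv6 lists, derives the 6to4 and Teredo prefixes from the IPv4 list by the rule the "additional" tables are instances of (applying it to every IPv4 entry yields a superset of those two tables), treats ff0e::/16 as the global-scope multicast exception the IPv6 table notes, and runs the classifier over a few constructed iptables-style log lines. The log format, the use of 8.8.8.8 as a non-bogon sample address, and all function names are assumptions of the example.

```python
"""Bogon classifier built from the ranges listed on this page.
Added example, not code from the wiki page or from any firewall vendor.
Prefix lists are copied from the page's tables; the 6to4/Teredo derivation,
the log format and the sample log lines are constructed for illustration."""
import ipaddress
import re
from typing import List, Optional, Tuple

# IPv4 bogon ranges, as listed in the page's IPv4 table.
IPV4_BOGONS = {
    "0.0.0.0/8": "this network",
    "10.0.0.0/8": "private-use",
    "100.64.0.0/10": "carrier-grade NAT",
    "127.0.0.0/8": "loopback",
    "127.0.53.53": "name collision occurrence",
    "169.254.0.0/16": "link local",
    "172.16.0.0/12": "private-use",
    "192.0.0.0/24": "IETF protocol assignments",
    "192.0.2.0/24": "TEST-NET-1",
    "192.168.0.0/16": "private-use",
    "198.18.0.0/15": "benchmark testing",
    "198.51.100.0/24": "TEST-NET-2",
    "203.0.113.0/24": "TEST-NET-3",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "reserved",
    "255.255.255.255/32": "limited broadcast",
}
# Native IPv6 bogon ranges, as listed in the page's IPv6 table.
IPV6_BOGONS = {
    "::/128": "unspecified",
    "::1/128": "loopback",
    "::ffff:0:0/96": "IPv4-mapped",
    "::/96": "IPv4-compatible",
    "100::/64": "remotely triggered black hole",
    "2001:10::/28": "ORCHID",
    "2001:db8::/32": "documentation",
    "fc00::/7": "unique local",
    "fe80::/10": "link-local",
    "fec0::/10": "site-local (deprecated)",
    "ff00::/8": "multicast",
}
# Transition prefixes that embed an IPv4 address: (base prefix, bit offset of the IPv4 address).
SIXTOFOUR = (ipaddress.IPv6Network("2002::/16"), 16)  # 6to4: IPv4 address in bits 16..47
TEREDO = (ipaddress.IPv6Network("2001::/32"), 32)     # Teredo: server IPv4 in bits 32..63


def embedded_v4_prefix(v4_cidr: str, base: ipaddress.IPv6Network, offset: int) -> ipaddress.IPv6Network:
    """IPv6 prefix covering every address that embeds an IPv4 address from v4_cidr at bit `offset`.
    This is the rule behind the page's additional tables, e.g. 192.0.2.0/24 -> 2002:c000:200::/40."""
    v4 = ipaddress.IPv4Network(v4_cidr)
    shifted = int(v4.network_address) << (128 - offset - 32)
    return ipaddress.IPv6Network((int(base.network_address) | shifted, offset + v4.prefixlen))


V4_TABLE = [(ipaddress.IPv4Network(p), d) for p, d in IPV4_BOGONS.items()]
V6_TABLE = [(ipaddress.IPv6Network(p), d) for p, d in IPV6_BOGONS.items()]
# Exception noted in the page's table: ff0e::/16 is global-scope multicast and may appear on
# the Internet, so a longer-prefix entry with no description overrides the ff00::/8 entry.
V6_TABLE.append((ipaddress.IPv6Network("ff0e::/16"), None))
# Every IPv4 bogon also yields a 6to4 and a Teredo bogon (a superset of the page's two lists).
for cidr in IPV4_BOGONS:
    V6_TABLE.append((embedded_v4_prefix(cidr, *SIXTOFOUR), f"6to4 bogon ({cidr})"))
    V6_TABLE.append((embedded_v4_prefix(cidr, *TEREDO), f"Teredo bogon ({cidr})"))


def classify(addr: str) -> Optional[str]:
    """Longest-prefix lookup: description of the bogon range addr falls in, or None if not bogon."""
    ip = ipaddress.ip_address(addr)
    table = V4_TABLE if ip.version == 4 else V6_TABLE
    best = None
    for net, desc in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, desc)
    return best[1] if best else None


# Constructed iptables-style drop log (not from any real device); DST uses documentation
# space as a stand-in for the firewall's own public address.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=wan SRC=8.8.8.8 DST=198.51.100.20 PROTO=UDP DPT=53
Jan 10 12:00:02 fw kernel: IN=wan SRC=10.0.0.7 DST=198.51.100.20 PROTO=TCP DPT=443
Jan 10 12:00:03 fw kernel: IN=wan SRC=127.0.53.53 DST=198.51.100.20 PROTO=TCP DPT=80
Jan 10 12:00:04 fw kernel: IN=wan SRC=2002:c0a8:100::1 DST=2001:db8::20 PROTO=ICMPv6
Jan 10 12:00:05 fw kernel: IN=wan SRC=2001:0:c0a8:101::1 DST=2001:db8::20 PROTO=UDP DPT=53
Jan 10 12:00:06 fw kernel: IN=wan SRC=::ffff:10.1.2.3 DST=2001:db8::20 PROTO=TCP DPT=22
"""
SRC_RE = re.compile(r"\bSRC=([0-9A-Fa-f:.]+)")


def scan_log(text: str) -> List[Tuple[str, str]]:
    """Return (source address, bogon description) for each log line whose source is a bogon."""
    hits = []
    for line in text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            desc = classify(m.group(1))
        except ValueError:  # malformed address in the log: skip it, never crash the scanner
            continue
        if desc is not None:
            hits.append((m.group(1), desc))
    return hits


if __name__ == "__main__":
    for src, desc in scan_log(SAMPLE_LOG):
        print(f"{src:24} {desc}")
```

Running the block flags five of the six sample lines; the 8.8.8.8 line passes as a normal Internet source, and 127.0.53.53 is reported by its most specific entry (name collision) rather than as generic loopback. The same classifier can be pointed at DNS answers to spot the bogon results the section mentions, since it only needs the address text.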