Latest revision as of 20:31, 3 February 2024
A bogon network is a range of IP addresses known as bogon addresses: the Martians (private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598) and the netblocks that the Internet Assigned Numbers Authority (IANA) has not allocated to a regional internet registry (RIR).
Bogon IP addresses can, not entirely accurately, be thought of as fake IP addresses. Bogon IP space has not been assigned to any entity by IANA or an RIR; it may be as yet unassigned, or it may be specially reserved, for example for private network use. Addresses reserved for IPv4 Private Address Space, such as those in 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, are considered bogon. Local machine loopback addresses in 127.0.0.0/8 and link-local addresses in 169.254.0.0/16 are also bogon.
Bogon IP address ranges
IPv4 Bogon Ranges
0.0.0.0/8  "This" network
10.0.0.0/8  Private-use networks
100.64.0.0/10  Carrier-grade NAT
127.0.0.0/8  Loopback
127.0.53.53  Name collision occurrence
169.254.0.0/16  Link local
172.16.0.0/12  Private-use networks
192.0.0.0/24  IETF protocol assignments
192.0.2.0/24  TEST-NET-1
192.168.0.0/16  Private-use networks
198.18.0.0/15  Network interconnect device benchmark testing
198.51.100.0/24  TEST-NET-2
203.0.113.0/24  TEST-NET-3
224.0.0.0/4  Multicast
240.0.0.0/4  Reserved for future use
255.255.255.255/32  Limited broadcast
IPv6 Bogon Ranges
::/128  Node-scope unicast unspecified address
::1/128  Node-scope unicast loopback address
::ffff:0:0/96  IPv4-mapped addresses
::/96  IPv4-compatible addresses
100::/64  Remotely triggered black hole addresses
2001:10::/28  Overlay routable cryptographic hash identifiers (ORCHID)
2001:db8::/32  Documentation prefix
fc00::/7  Unique local addresses (ULA)
fe80::/10  Link-local unicast
fec0::/10  Site-local unicast (deprecated)
ff00::/8  Multicast (Note: ff0e::/16 is global scope and may legitimately appear on the global Internet.)
IPv6 Additional Bogon Ranges
2002::/24  6to4 bogon (0.0.0.0/8)
2002:a00::/24  6to4 bogon (10.0.0.0/8)
2002:7f00::/24  6to4 bogon (127.0.0.0/8)
2002:a9fe::/32  6to4 bogon (169.254.0.0/16)
2002:ac10::/28  6to4 bogon (172.16.0.0/12)
2002:c000::/40  6to4 bogon (192.0.0.0/24)
2002:c000:200::/40  6to4 bogon (192.0.2.0/24)
2002:c0a8::/32  6to4 bogon (192.168.0.0/16)
2002:c612::/31  6to4 bogon (198.18.0.0/15)
2002:c633:6400::/40  6to4 bogon (198.51.100.0/24)
2002:cb00:7100::/40  6to4 bogon (203.0.113.0/24)
2002:e000::/20  6to4 bogon (224.0.0.0/4)
2002:f000::/20  6to4 bogon (240.0.0.0/4)
2002:ffff:ffff::/48  6to4 bogon (255.255.255.255/32)
2001::/40  Teredo bogon (0.0.0.0/8)
2001:0:a00::/40  Teredo bogon (10.0.0.0/8)
2001:0:7f00::/40  Teredo bogon (127.0.0.0/8)
2001:0:a9fe::/48  Teredo bogon (169.254.0.0/16)
2001:0:ac10::/44  Teredo bogon (172.16.0.0/12)
2001:0:c000::/56  Teredo bogon (192.0.0.0/24)
2001:0:c000:200::/56  Teredo bogon (192.0.2.0/24)
2001:0:c0a8::/48  Teredo bogon (192.168.0.0/16)
2001:0:c612::/47  Teredo bogon (198.18.0.0/15)
2001:0:c633:6400::/56  Teredo bogon (198.51.100.0/24)
2001:0:cb00:7100::/56  Teredo bogon (203.0.113.0/24)
2001:0:e000::/36  Teredo bogon (224.0.0.0/4)
2001:0:f000::/36  Teredo bogon (240.0.0.0/4)
2001:0:ffff:ffff::/64  Teredo bogon (255.255.255.255/32)
Blocking bogon networks for security
Many appliance firewalls ship with preconfigured rules for blocking bogon networks:
- Block private networks: blocks the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 subnets.
- Block bogon networks: blocks all unallocated IP subnets (the list is typically refreshed monthly).
Never apply a block-all-bogons rule to the LAN or WLAN interface, or you will lose access: those interfaces carry the private (bogon) addresses your own hosts use.
No bogon prefix should ever appear in an Internet routing table. A packet routed over the Internet, other than one carried inside a VPN tunnel, should never have a bogon source or destination address. The security concern is that bogon IPs are frequently used as spoofed source addresses in DDoS attacks, and in other attacks where no TCP connection needs to be completed.
A variety of attacks against networks and Internet infrastructure involve bogon addresses. Blocking outbound bogon traffic, and certain kinds of DNS resolution to bogon addresses, is also necessary for security. Bogon addresses may appear in DNS results when someone is using DNS tunneling to exfiltrate data from a private network. This type of activity can be easily identified in router or firewall logs and should be blocked.
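The two things a defender usually wants from the tables above are (a) confidence that the "Additional" 6to4 and Teredo rows really are just the IPv4 rows re-encoded, and (b) a way to spot bogon sources on the WAN side of a firewall without also flagging the LAN's own private addresses. The following is an added example, not part of the original page or any vendor's firmware; the log line format and the interface names `wan`/`lan` are assumptions, and the routable address 11.22.33.44 is a constructed stand-in.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# IPv4 bogon prefixes exactly as listed on this page.
IPV4_BOGONS = [ipaddress.IPv4Network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32")]
# Native IPv6 bogons from the page; the 6to4 and Teredo rows are derived below.
IPV6_BOGONS = [ipaddress.IPv6Network(p) for p in (
    "::/128", "::1/128", "::ffff:0:0/96", "::/96", "100::/64", "2001:10::/28",
    "2001:db8::/32", "fc00::/7", "fe80::/10", "fec0::/10", "ff00::/8")]

def derive_6to4(v4: ipaddress.IPv4Network) -> ipaddress.IPv6Network:
    """6to4 embeds the IPv4 address in the 32 bits right after the 2002::/16 prefix."""
    base = int(ipaddress.IPv6Address("2002::"))
    return ipaddress.IPv6Network((base | (int(v4.network_address) << 80), 16 + v4.prefixlen))

def derive_teredo(v4: ipaddress.IPv4Network) -> ipaddress.IPv6Network:
    """Teredo embeds the server's IPv4 address in the 32 bits after the 2001:0::/32 prefix."""
    base = int(ipaddress.IPv6Address("2001::"))
    return ipaddress.IPv6Network((base | (int(v4.network_address) << 64), 32 + v4.prefixlen))

# The page's "Additional" IPv6 rows are these two derivations of every IPv4 row except CGNAT.
TUNNEL_SOURCES = [n for n in IPV4_BOGONS if str(n) != "100.64.0.0/10"]
ALL_V6_BOGONS = (IPV6_BOGONS + [derive_6to4(n) for n in TUNNEL_SOURCES]
                 + [derive_teredo(n) for n in TUNNEL_SOURCES])

def bogon_prefix(addr: str) -> Optional[str]:
    """Most specific bogon prefix containing addr, or None if it is routable space."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in (IPV4_BOGONS if ip.version == 4 else ALL_V6_BOGONS) if ip in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

# Constructed log lines (not from a real device); only WAN ingress is judged, since LAN-side RFC 1918 is normal.
SAMPLE_LOG = [
    "wan pass src=198.51.100.7 dst=11.22.33.44",        # TEST-NET-2 arriving from the Internet
    "wan pass src=2002:a9fe:1::1 dst=2001:db8::1",      # 6to4 wrapping link-local space
    "wan pass src=2001:0:c0a8:100::1 dst=11.22.33.44",  # Teredo wrapping 192.168.0.0/16
    "wan pass src=11.22.33.44 dst=11.22.33.45",         # constructed routable source: no hit
    "lan pass src=192.168.1.20 dst=11.22.33.44",        # private source on the LAN: expected
]
LOG_RE = re.compile(r"^(?P<iface>\w+) \w+ src=(?P<src>[0-9a-fA-F.:]+) dst=")

def wan_bogon_sources(lines: List[str]) -> List[Tuple[str, str]]:
    """(src, bogon prefix) for each WAN-ingress line whose source address is a bogon."""
    matches = [m for m in map(LOG_RE.match, lines) if m and m["iface"] == "wan"]
    pairs = [(m["src"], bogon_prefix(m["src"])) for m in matches]
    return [(src, p) for src, p in pairs if p]
```

Comparing `str(n)` for each entry of `ALL_V6_BOGONS` against the tables above reproduces all 28 "Additional" rows, which is the quickest way to sanity-check a vendor's bogon feed against the derivation.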