Bogon filtering


Bogon filtering is the practice of filtering bogons, which are bogus (fake) IP addresses of a computer network. Bogons include IP packets on the public Internet that contain addresses that are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and allowed for public Internet use. The areas of unallocated address space are called the bogon space.


Bogons also include some address ranges from allocated space, also known as Martian packets, mainly when they are used as source addresses. Addresses reserved for private networks, [1][2] such as those in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fc00::/7, [2] loopback interfaces like 127.0.0.0/8 and ::1, and link-local addresses like 169.254.0.0/16 and fe80::/64 are part of it. Addresses for carrier-grade NAT, Teredo and 6to4, as well as documentation prefixes, also fall into this category. [3]

Many ISPs and end-user firewalls filter and block bogons, because they have no legitimate use, and usually are the result of accidental misconfiguration or malicious intent. Bogons can be filtered by using router access-control lists (ACLs), or by BGP blackholing.

IP addresses that are currently in the bogon space may not be bogons at a later date because IANA and other registries frequently assign new address space to ISPs. Announcements of new assignments are often published on network operators' mailing lists (such as NANOG) to ensure that operators have a chance to remove bogon filtering for addresses that have become legitimate. For example, addresses in 49.0.0.0/8 were not allocated prior to August 2010, but are now used by APNIC. [4] As of November 2011, the Internet Engineering Task Force (IETF) recommends that, since there are no longer any unallocated IPv4 /8s, IPv4 bogon filters based on registration status should be removed. [5] However, bogon filters still need to check for Martian packets.
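As an added example (not part of the original article), the following Python script implements the two kinds of check described above: a Martian-prefix filter on source addresses, and a separate, dated list of once-unallocated space that must be refreshed or retired so that prefixes such as 49.0.0.0/8 are not dropped after allocation. The prefix list and the sample packets are constructed for illustration; the script inspects source addresses only.

```python
import ipaddress

# Special-use prefixes that should never appear as a source address on the
# public Internet: RFC 1918 private space, RFC 4193 unique local addresses,
# loopback, link-local, the carrier-grade NAT shared block, Teredo, 6to4 and
# the documentation prefixes. Constructed list for this example.
MARTIAN_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",                                        # "this" network
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918 private
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8",                                      # IPv4 loopback
    "169.254.0.0/16",                                   # IPv4 link-local
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",  # IPv4 documentation
    "224.0.0.0/4", "240.0.0.0/4",                       # multicast, reserved
    "::1/128",                                          # IPv6 loopback
    "fc00::/7",                                         # RFC 4193 unique local
    "fe80::/10",                                        # IPv6 link-local
    "2001::/32",                                        # Teredo
    "2002::/16",                                        # 6to4
    "2001:db8::/32",                                    # IPv6 documentation
)]

# Registration-status ("unallocated space") entries are time-sensitive: 49.0.0.0/8
# was unallocated before August 2010 and is now used by APNIC, so a stale filter
# drops legitimate traffic. Keep such entries apart so they can be refreshed or
# removed independently of the Martian list. Constructed stale list.
STALE_UNALLOCATED_LIST_2009 = [ipaddress.ip_network("49.0.0.0/8")]

def classify_source(addr, unallocated=()):
    """Return 'ok', 'martian:<prefix>' or 'unallocated:<prefix>' for a source."""
    ip = ipaddress.ip_address(addr)
    for net in MARTIAN_PREFIXES:      # membership is False across IP versions
        if ip in net:
            return f"martian:{net}"
    for net in unallocated:
        if ip in net:
            return f"unallocated:{net}"
    return "ok"

def filter_packets(packets, unallocated=()):
    """Split constructed (src, dst) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for src, dst in packets:
        verdict = classify_source(src, unallocated)
        (accepted if verdict == "ok" else dropped).append((src, dst, verdict))
    return accepted, dropped

# Constructed sample traffic: two legitimate sources, five Martian ones.
SAMPLE_PACKETS = [
    ("49.1.2.3", "203.0.113.5"),        # APNIC space, legitimate since 2010
    ("2a01:1234::1", "2001:db8::1"),    # constructed public IPv6 source
    ("10.0.0.7", "203.0.113.5"),        # RFC 1918
    ("127.0.0.1", "203.0.113.5"),       # loopback
    ("100.64.3.4", "203.0.113.5"),      # CGNAT shared space
    ("2002:c000:204::1", "2001:db8::1"),  # 6to4
    ("fe80::1", "2001:db8::1"),         # link-local
]
```

Running `filter_packets(SAMPLE_PACKETS)` accepts the first two packets and drops the rest; passing `STALE_UNALLOCATED_LIST_2009` as the second argument additionally drops the 49.1.2.3 packet, which is exactly the false positive the IETF recommendation in [5] is meant to avoid.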

Etymology

The term bogon stems from hacker jargon, with the earliest appearance in the Jargon File in version 1.5.0 (dated 1983). [6] It is defined as the quantum of bogosity, or the property of being bogus. A bogon packet is frequently bogus both in the conventional sense of being forged for illegitimate purposes, and in the hackish sense of being incorrect, absurd, and useless.

These unused IP addresses are collectively known as a bogon, a portmanteau of "bogus logon", or a logon from a place you know no one can actually logon. [7]


References

  1. Y. Rekhter; B. Moskowitz; D. Karrenberg; G. J. de Groot; E. Lear (February 1996). Address Allocation for Private Internets. Network Working Group. doi:10.17487/RFC1918. BCP 5. RFC 1918. Best Common Practice. Obsoletes RFC 1627 and 1597. Updated by RFC 6761.
  2. R. Hinden; B. Haberman (October 2005). Unique Local IPv6 Unicast Addresses. Network Working Group. doi:10.17487/RFC4193. RFC 4193. Proposed Standard.
  3. "Bogon IP addresses". ipgeolocation. Retrieved 27 Jan 2022.
  4. "IANA IPv4 Address Space Registry". IANA. 2010-02-22. Archived from the original on 2010-04-30. Retrieved 2010-03-18.
  5. L. Vegoda (November 2011). Time to Remove Filters for Previously Unallocated IPv4 /8s. IETF. doi:10.17487/RFC6441. ISSN 2070-1721. BCP 171. RFC 6441. Best Common Practice.
  6. Guy L. Steele Jr.; Donald R. Woods; Raphael A. Finkel; Mark R. Crispin; Richard M. Stallman; Geoffrey S. Goodfellow (1983). "The Hacker's Dictionary: A Guide to the World of Computer Wizards". Jargon File Text Archive: A large collection of historical versions of the Jargon File. Archived from the original on November 8, 2020. Retrieved 28 May 2021.
  7. "Ian McAnerin and Mike Churchill - 2005". McAnerin Networks Inc. Archived from the original on 2007-04-14. Retrieved 16 May 2020.