Content deleted Content added
* martian |
reverted 2 edits by 2402:800:629e:f50f:675c:5cce:4339:9687; unexplained content deletion |
||
| (205 intermediate revisions by more than 100 users not shown) | |||
Line 1:
{{Short description|Discarding network packets with bogus addressing}}
'''Bogon filtering''' is the practice of blocking [[packet (information technology)|packets]] known as '''bogons''', which are ones sent to a [[computer network]] claiming to originate from invalid or bogus [[IP address]]es, known as '''bogon addresses'''.<ref>{{cite web |title=What is a bogon address? |url=https://www.apnic.net/manage-ip/apnic-services/registration-services/resource-quality-assurance/what-is-a-bogon-address/ |publisher=[[APNIC]] |access-date=1 November 2024 |language=en-AU}}</ref>
==Etymology==
Many ISPs and end user firewalls filter bogons, because they have no legitimate use, and are therefore the result of accidental or malicious misconfiguration at the sender. Bogons can be filtered by using router ACLs, or by [[BGP]] blackholing. ▼
The term ''bogon'' stems from [[Hacker (programmer subculture)|hacker]] [[jargon]], with the earliest appearance in the [[Jargon File]] in version 1.5.0 (dated 1983).<ref>{{cite web |author1=Guy L. Steele Jr. |author2=Donald R. Woods |author3=Raphael A. Finkel |author4=Mark R. Crispin |author5=Richard M. Stallman |author6=Geoffrey S. Goodfellow |title=The Hacker's Dictionary: A Guide to the World of Computer Wizards |url=http://jargon-file.org/archive/jargon-1.5.0.dos.txt |website=Jargon File Text Archive : A large collection of historical versions of the Jargon File |access-date=28 May 2021 |archive-url=https://web.archive.org/web/20201108161626/http://jargon-file.org/archive/jargon-1.5.0.dos.txt |archive-date=November 8, 2020 |language=English |date=1983}}</ref> It is defined as the [[quantum]] of ''bogosity'', or the property of being bogus. A bogon packet is frequently bogus both in the conventional sense of being forged for illegitimate purposes, and in the [[Hacker (programmer subculture)|hackish]] sense of being incorrect, absurd, and useless.{{Citation needed|date=May 2021}} An alternative etymology suggests that 'bogon' derives from a portmanteau of "bogus logon", or a logon from a place you know no one can actually logon.<ref>{{cite web |title=Ian McAnerin and Mike Churchill - 2005 |url=http://www.mcanerin.com/EN/articles/bogon-01.asp |website=McAnerin Networks Inc. |archive-url=https://web.archive.org/web/20070414145327/http://www.mcanerin.com/EN/articles/bogon-01.asp |access-date=16 May 2020|archive-date=2007-04-14 }}</ref>
==Types of bogon addresses==
Areas of unallocated address space are called the '''bogon space'''. These are that are not in any range allocated the [[Internet Assigned Numbers Authority]] (IANA) or a [[regional Internet registry]] (RIR) for public internet use.
Bogon IPs also include some address ranges from allocated space. For example, addresses reserved for [[private networks]]{{Ref RFC|1918}}{{Ref RFC|4193}}, such as those in {{IPaddr|10.0.0.0|8}}, {{IPaddr|172.16.0.0|12}}, {{IPaddr|192.168.0.0|16}} and {{IPaddr|fc00::/7}},{{Ref RFC|4193}} [[loopback|loopback interfaces]] like {{IPaddr|127.0.0.0|8}} and {{IPaddr|::1}}, and [[link-local address|link-local addresses]] like {{IPaddr|169.254.0.0|16}} and {{IPaddr|fe80::/64}} can be bogon addresses. Addresses for [[Carrier-grade NAT]], [[Teredo tunneling|Teredo]], and [[6to4]] and documentation prefixes also fall into this category.<ref>{{Cite web|title=Bogon IP addresses|publisher=ipgeolocation|url=https://ipgeolocation.io/resources/bogon.html|access-date=27 Jan 2022}}</ref> IP packets using these as source addresses are sometimes known as [[Martian packet]]s.
==Blocking and filtering==
▲Many
==Former bogon addresses==
See also:▼
IP addresses in the bogon space may cease to be bogons because IANA frequently assigns new address. Announcements of new assignments are often published on [[Computer network|network]] operators' [[mailing list]]s (such as [[NANOG (computing)|NANOG]]) to ensure that bogon filtering can be removed for addresses that have become legitimate. For example, addresses in {{IPaddr|49.0.0.0|8}} were not allocated prior to August 2010, but are now used by [[APNIC]].<ref name=address>{{cite web |url=https://www.iana.org/assignments/ipv4-address-space/ |title=IANA IPv4 Address Space Registry |access-date=2010-03-18 |date=2010-02-22 |publisher=[[Internet Assigned Numbers Authority|IANA]] |archive-url=https://web.archive.org/web/20100430190605/https://www.iana.org/assignments/ipv4-address-space/ |archive-date=2010-04-30 |url-status=live }}</ref>
{{As of|2011|11}}, the [[Internet Engineering Task Force]] (IETF) recommends that, [[IPv4 address exhaustion|since there are no longer any unallocated IPv4 {{IPaddr||8}}s]], IPv4 bogon filters based on registration status should be removed.{{Ref RFC|6441}}
However, bogon filters still need to check for [[Martian packet]]s.
* [[Reverse-path forwarding]]
* [[IP hijacking]]
* [[IP address spoofing]]
* [[Ingress filtering]]
* [[Internet background noise]]
==References==
{{Reflist}}
==External links==
* [https://web.archive.org/web/20070414145327/http://www.mcanerin.com/EN/articles/bogon-01.asp Bogons Ate My Website]
* [http://www.toonk.nl/bogons.php Bogon traffic analysis report, netflow and spam analysis ] {{Webarchive|url=https://web.archive.org/web/20150316073337/http://www.toonk.nl/bogons.php |date=2015-03-16 }}
* [https://www.ripe.net/publications/docs/ripe-351 RIPE NCC: De-Bogonising New Address Blocks]
* [https://www.team-cymru.com/bogon-reference.html Team Cymru Bogon Reference]
{{Information security}}
{{Computer science}}
{{Authority control}}
[[Category:Computer jargon]]
[[Category:Internet Protocol]]
| |||