Nov
10

What in the world is a bogon? It is a source address that should not appear in an IP packet on an interface that faces the public Internet. A very famous example of a bogon address would be the Private IP address space, as defined in RFC 1918. This address space is as follows:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

What would be another example of a bogon address? How about the “link-local” addresses that a system uses to communicate on the local link in the event of DHCP failure? This address space is 169.254.0.0/16.

So bogons consist of special use addresses and any other portions of the address space that have not been allocated for public use. This list of addresses is not static, and does change over time. These addresses are excellent entries in your filters (access control lists) for interfaces that face the Internet.

What is a convenient place to learn of the bogon addresses you should be most concerned with as a CCIE candidate? It is none other than an RFC: RFC 3330, which summarizes many of the other RFCs detailing special use address space. You can find RFC 3330 here:

http://www.faqs.org/rfcs/rfc3330.html
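
As an added example (not code from the original post), the sketch below takes the four prefixes named in the article, checks source addresses against them, and renders an IOS-style extended ACL with the correct wildcard masks. The function names, the ACL name `BOGONS-IN` and the sample source addresses are assumptions made for illustration.

```python
import ipaddress

# Prefixes named in the article: RFC 1918 private space plus IPv4 link-local.
# The bogon list changes over time, so treat it as input data, not a constant.
ARTICLE_BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]


def load_bogons(prefixes):
    """Parse CIDR strings and merge overlapping or adjacent entries.

    strict=True rejects entries with host bits set (for example 10.0.0.1/8),
    which catches typos before they turn into a wrong filter line.
    """
    nets = (ipaddress.ip_network(p, strict=True) for p in prefixes)
    return sorted(ipaddress.collapse_addresses(nets))


def matching_bogon(src, bogons):
    """Return the bogon prefix that contains src, or None if src passes."""
    addr = ipaddress.ip_address(src)
    for net in bogons:
        if addr in net:
            return net
    return None


def ios_acl(name, bogons):
    """Render an extended ACL that denies bogon sources, using wildcard masks."""
    lines = [f"ip access-list extended {name}"]
    for net in bogons:
        lines.append(f" deny ip {net.network_address} {net.hostmask} any")
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    bogons = load_bogons(ARTICLE_BOGONS)
    print("\n".join(ios_acl("BOGONS-IN", bogons)))
    # Constructed sample sources, including addresses just outside each range.
    for src in ["10.1.2.3", "172.31.255.254", "172.32.0.1",
                "169.254.10.20", "192.168.1.1", "192.169.0.1"]:
        hit = matching_bogon(src, bogons)
        print(f"{src:16} {'DROP (' + str(hit) + ')' if hit else 'pass'}")
```

Such an ACL is applied inbound on the Internet-facing interface with `ip access-group`. The 172.16.0.0/12 entry is the one most often mistyped: its wildcard mask is 0.15.255.255, so 172.31.255.254 matches and 172.32.0.1 does not.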



8 Responses to “Bogons Be Gone!”

 
  1. Yandy says:

    Yup,
    Those bogons are a pesky thing to keep up to date sometimes, because they do change so often. Especially with the way IP addresses are being handed off nowadays.

    Thanks, awesome article.

  2. Johnson says:

    How to memorize all the RFC 3330 prefixes?

    You know, in some cases you do not have any tool to search for the RFC specification (if someone knows how to search for RFCs on the Cisco documentation website, please leave a comment), but you still need to apply some network security policy, so you have to hard dump it to your brain.

    After my hard work, I figured out some hints for this RFC-related reserved prefix listing:

    Part I : RFC 1918
    RFC 3330 includes the well-known private IP networks defined in RFC 1918, so I think it is not a problem for most network engineers.
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16

    Part II : The First and the Last network of every classful network
    (1) The First & Last network in Class A network
    - 0.0.0.0/8
    - 127.0.0.0/8

    (2) The First & Last network in Class B network
    - 128.0.0.0/16
    - 191.255.0.0/16

    (3) The First & Last network in Class C network
    - 192.0.0.0/24
    - 223.255.255.0/24

    Part III : Class D & E network
    - 224.0.0.0/4
    - 240.0.0.0/4

    Part IV : DHCP Reserved network defined by Microsoft
    - 169.254.0.0/16

    Part V : RTBH (Remote Trigger Black Hole) Test-Net
    - 192.0.2.0/24

    Part VI : The others you have to spend some energy to memorize them…
    - 14.0.0.0/8 (Public-Data Networks)
    - 24.0.0.0/8 (Cable Television Networks)
    - 39.0.0.0/8 (Reserved but subject to allocation)
    - 192.88.99.0/24 (6to4 Relay Anycast)
    - 198.18.0.0/15 (Network Interconnect Device Benchmark Testing)

    http://ccie11440.blogspot.com/2008/10/how-to-memorize-rfc3330-all-prefix.html

  3. Chris Copley says:

    I was studying this last night in my study group. We found these links that may also help in the studies of others..

    http://www.cymru.com/Documents/bogon-dd.html

    and…

    Here’s an example in the Doc CD of what SOME of the “prerequisite” IP address blocks COULD be:

    http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_unicast_rpf_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001323

    HTH
    Chris

  4. Dre says:

    Another great resource for bogon filtering is http://www.team-cymru.org/Services/Bogons/routeserver.html.
    They also consider non-allocated IP addresses (still in the IANA pool) as bogons.

    For those interested in which bogons are currently out there, bgpmon.net keeps a list of all current bogons that are detected in BGP updates. This is for IPv4 and IPv6 prefixes as well as bogon AS numbers. See, for example:
    http://www.bgpmon.net/showbogons.php?inet=4 or for bogon AS numbers: http://www.bgpmon.net/bogonas.php?global

  5. [...] Bogons Be Gone! – CCIE Blog What in the word is a bogon? It is a source address that should not appear in an IP packet on an interface that faces the public Internet. (tags: ccie networking security blog) [...]

  6. Steve says:

    Quote from Wikipedia

    “The term bogan (pronounced /ˈboʊgən/, rhyming with slogan) is Australian and New Zealand English slang, usually pejorative, for a person who is, or is perceived to be, of a lower-class background. According to the stereotype, the speech and mannerisms of ‘bogans’ indicate, poor education, cheap clothing and uncultured upbringing. ‘Bogans’ usually reside in economically disadvantaged suburbs (often outer metropolitan) or rural areas.

    The term is a close regional equivalent to the English term Chav or Pikey, Scottish term Ned, Irish term Scanger or Spide and the North American terms White Trash and Hillbilly.”

  7. Hey Steve – unreal – thanks for that.

    I live in Lutz, Florida and I am a bonafide hillbilly. :-)

  8. Ashely says:

    Awesome information once again. Thank you:)

 
