Bogon filtering
A bogon is an informal name for an IP packet on the public Internet that claims to be from an area of the IP address space reserved, but not yet allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated Internet registry. The areas of unallocated address space are called "bogon space".
The term "bogon" stems from hacker jargon, where it is defined as the quantum of "bogosity", or the property of being bogus. A bogon packet is frequently bogus both in the conventional sense of being forged for illegitimate purposes, and in the hackish sense of being incorrect, absurd, and useless. [1] (http://jargon.watson-net.com/section.asp)
Many ISPs and end-user firewalls filter bogons because they have no legitimate use and are therefore the result of accidental or malicious misconfiguration at the sender. Bogons can be filtered with router ACLs or by BGP blackholing.
Note: If you are using bogon filter lists, then they must be kept up to date. This is because IANA and other registries are constantly allocating more of the available IP address space. If bogon filter lists are not kept up to date, perfectly legitimate areas of address space will be blocked.
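The staleness problem described in the note can be checked mechanically. The following is an added example, not part of the original article: it audits a bogon filter list against newly allocated prefixes and carves the allocated space out of the list. The prefixes are constructed sample data (documentation ranges standing in for bogon space), and the "newly allocated" prefix is hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real bogon space.
STALE_FILTER = """
192.0.2.0/24
198.51.100.0/24   # still listed, but part of it has since been allocated
203.0.113.0/24
"""
NEWLY_ALLOCATED = ["198.51.100.0/25"]  # hypothetical registry allocation

def parse_prefixes(text):
    """One CIDR prefix per line; blanks and '#' comments are ignored."""
    rows = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(row) for row in rows if row]

def is_bogon(source_ip, filter_nets):
    """True if a packet's source address falls inside any filtered prefix."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in filter_nets)

def stale_entries(filter_nets, allocated_nets):
    """Filter prefixes that now overlap allocated (legitimate) space."""
    return [(f, a) for f in filter_nets for a in allocated_nets
            if f.version == a.version and f.overlaps(a)]

def refresh(filter_nets, allocated_nets):
    """Carve allocated space out of the filter list; keep the rest blocked."""
    kept = []
    for f in filter_nets:
        pieces = [f]
        for a in allocated_nets:
            nxt = []
            for p in pieces:
                if a.version != p.version or not p.overlaps(a):
                    nxt.append(p)                       # untouched by this allocation
                elif not p.subnet_of(a):
                    nxt.extend(p.address_exclude(a))    # a lies strictly inside p
                # else: p is entirely allocated, so it is dropped
            pieces = nxt
        kept.extend(pieces)
    return sorted(kept, key=lambda n: (n.version, n))

if __name__ == "__main__":
    old = parse_prefixes(STALE_FILTER)
    new = [ipaddress.ip_network(n) for n in NEWLY_ALLOCATED]
    for f, a in stale_entries(old, new):
        print(f"stale: {f} blocks allocated {a}")
    print("refreshed:", [str(n) for n in refresh(old, new)])
```

With the stale list, a source address inside the newly allocated prefix is dropped as a bogon; after the refresh only the still-unallocated half of that prefix remains filtered.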
External links
- The Team Cymru Bogon Reference Page -- secure templates for routers (http://www.cymru.com/Bogons/)
- Why bogon filtering using BGP is useless (http://mt.oisec.net/archive/2004/12/03/bogon_filtering_using_bgp_bogo)