What is a bogon IP address?


Intro

A bogon is an illegitimate Internet Protocol address that falls into a set of IP addresses that have not been officially assigned to an entity by a regional Internet registry (RIR). Bogons typically arise from misconfiguration or from intentional misuse that misleads recipients about a packet's source IP address. These addresses should not be routable on the public Internet. Network administrators therefore often block bogons, because they are frequently used for malicious activities like spoofing or spam.

How does a bogon work?

Every machine on the Internet is assigned an IP address so that machines can communicate with each other. These IP addresses are allocated by IANA (Internet Assigned Numbers Authority) or a regional Internet registry. The allocated IP address ranges are known as the reserved space. Meanwhile, other IP address ranges not included in the reserved space are known as the bogon space. Bogon IP addresses can fall into the categories below:

  • Reserved by IANA (Internet Assigned Numbers Authority) but not yet assigned to any entity.
  • Private, link-local, or otherwise non-routable (e.g., 10.0.0.0/8, 192.168.0.0/16).
  • Unallocated, meaning no one should be using them on the public Internet yet.

Risks posed by bogons

Even though bogons are not meant to be used on the public Internet, hackers or spammers can still use them through source IP spoofing. This is because routers generally don’t scrutinize the source IP address and will forward packets that carry a bogon source.

In a Distributed Denial of Service (DDoS) attack, bogon IP addresses can be used to mask the source of the attack. DDoS attacks frequently target websites or web services to overload the target server with too many requests.

Another common scenario is the TCP SYN scanning attack. When a bogon IP address is used as the source, the destination machine will be overwhelmed trying to respond to a non-routable IP address.

Detecting & preventing bogons

Network and server admins need to keep up to date with the latest list of bogon IP addresses. Some IP addresses may be unallocated today but could be assigned to an organization in the future. Hence, there is a need to keep abreast of the latest list to block and prevent abuse of the servers and online services.
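As an added illustration (not code from this article or from IP2Location), the Python sketch below flags bogon source addresses in log lines. It is IPv4-only, the `src=` log format and all function names are assumptions, and the sample log is constructed. The fixed special-purpose blocks are built in, while unallocated prefixes must be supplied from whatever regularly refreshed list you maintain.

```python
import ipaddress
import re

# Fixed special-purpose IPv4 blocks. Unallocated space is NOT listed here:
# it changes over time and is passed in from a refreshed list instead.
SPECIAL_PURPOSE = {
    "0.0.0.0/8": "this-network", "10.0.0.0/8": "private",
    "100.64.0.0/10": "shared-address-space", "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local", "172.16.0.0/12": "private",
    "192.0.0.0/24": "ietf-protocol", "192.0.2.0/24": "documentation",
    "192.168.0.0/16": "private", "198.18.0.0/15": "benchmarking",
    "198.51.100.0/24": "documentation", "203.0.113.0/24": "documentation",
    "224.0.0.0/4": "multicast", "240.0.0.0/4": "reserved",
}
SRC_RE = re.compile(r"\bsrc=(\S+)")  # assumed log format, not a real product's

def build_table(unallocated=()):
    """Return [(network, category)], most specific prefix first."""
    table = [(ipaddress.ip_network(c), cat) for c, cat in SPECIAL_PURPOSE.items()]
    table += [(ipaddress.ip_network(c), "unallocated") for c in unallocated]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def classify(ip_text, table):
    """Return the bogon category of ip_text, or None if it is not a bogon."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"  # unparsable source: flag it rather than skip it
    for net, category in table:
        if ip in net:  # False (not an error) when IP versions differ
            return category
    return None

def bogon_sources(log_lines, table):
    """Return [(line_no, src, category)] for lines with a bogon source."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = SRC_RE.search(line)
        if m and (category := classify(m.group(1), table)):
            hits.append((line_no, m.group(1), category))
    return hits

# Constructed sample: inbound packets logged on an Internet-facing interface.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z IN src=10.4.4.9 dst=198.51.100.7 proto=tcp flags=S",
    "2024-05-01T10:00:02Z IN src=8.8.8.8 dst=198.51.100.7 proto=udp",
    "2024-05-01T10:00:03Z IN src=169.254.12.1 dst=198.51.100.7 proto=tcp flags=S",
    "2024-05-01T10:00:04Z IN src=240.1.2.3 dst=198.51.100.7 proto=tcp flags=S",
]
```

Calling `bogon_sources(SAMPLE_LOG, build_table())` reports lines 1, 3 and 4. Rebuilding the table with a fresh `unallocated` list on each refresh keeps newly assigned prefixes from being blocked by a stale entry.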

Fortunately, IP2Location has now introduced bogon IP address data in the IP2Proxy PX12 package. Under the threat field, look for the value BOGON. If an IP address shows that value, it is a bogon IP address: an unallocated IP address detected in BGP tables.

The IP2Location.io API also includes this new value in the threat field for subscribers of the Security Plan.

Conclusion

Bogon IP addresses can be used by bad actors to attack your servers and online services. Don’t succumb to the hackers and spammers messing with your business. Protect yourself today with the IP2Proxy PX12 package or the IP2Location.io API.
