Don’t Run Another Phish Test Until You Read This
Get Started Book a Demo

Bogon

10th March 2021 | Cybrary Bogon


bogon cyber term

A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned and unrouted on the Internet.  Bogons can be intentionally misused by hackers to hide their attacks by hiding their source IP address (hackers). Only connectionless (UDP/ICMP) attacks can be used in these cases, but for these forms of attack, there are many options. (See an early example in a “Ping of Death”).

IP addresses enable the Internet to function, uniquely identifying a company’s website or mail servers, and connecting  unique endpoints together for seamless and consistently reliable communication. IANA, and other Internet registries, assign and track IP address assignments.

Some IP addresses may only be considered a bogon temporarily, as the IANA registry is constantly updating and assigning new address spaces.

What does this mean for an SMB?

Hacker attacks in the early 2000s came from BOGON IP addresses as often as 60% of the time but by 2009 that had dropped down to less than 5% of the time. BOGON filtering by Internet Service Providers means they aren’t seen on public networks today. However, good hackers are very aware of bogon networks and can use them for targeted attacks and exploits. For example, they’re often used by hackers conducting Distributed Denial-of-Service (DDoS) attack. This is because bogon packets can’t be traced back to a real host or source. 

Many technologies help protect you from bogon attacks including: 

In addition to these actions, it’s critical that your organization adopts cybersecurity awareness training, phishing tests, policy guidance, and dark web reporting to ensure your company is properly secured online today. 

https://youtu.be/eXC87A5e0aQ

Sources: 

TechTarget

RuleGate

Additional Reading:

Bogons: Don’t Let Them In or Through Your Networks

Related Terms:

Firewall

IPSec

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Why Traditional Phishing Tests Fail — And How the Latest Research Proves It’s Time for a Change
12th August 2025 | Blog

Why Traditional Phishing Tests Fail — And How the Latest Research Proves It’s Time for a Change

For years, organizations have relied on fake email phishing simulations to measure employee resilience to...

Read more
Stopping Token Theft: How Microsoft’s Protections Prevent BEC Attacks
5th August 2025 | Blog

Stopping Token Theft: How Microsoft’s Protections Prevent BEC Attacks

Welcome to our two-part blog series on Microsoft’s new email security enhancement now included in Office 365 P1...

Read more
Why Hackers Love MSPs and What We’re Gonna Do About It
29th July 2025 | Blog

Why Hackers Love MSPs and What We’re Gonna Do About It

"Being an MSP today is like wearing a neon sign that says, ‘Hack me! I’m the gateway to 100...

Read more
Get Started All Posts