Bogon

10th March 2021 | Cybrary Bogon


bogon cyber term

A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned and unrouted on the Internet.  Bogons can be intentionally misused by hackers to hide their attacks by hiding their source IP address (hackers). Only connectionless (UDP/ICMP) attacks can be used in these cases, but for these forms of attack, there are many options. (See an early example in a “Ping of Death”).

IP addresses enable the Internet to function, uniquely identifying a company’s website or mail servers, and connecting  unique endpoints together for seamless and consistently reliable communication. IANA, and other Internet registries, assign and track IP address assignments.

Some IP addresses may only be considered a bogon temporarily, as the IANA registry is constantly updating and assigning new address spaces.

What does this mean for an SMB?

Hacker attacks in the early 2000s came from BOGON IP addresses as often as 60% of the time but by 2009 that had dropped down to less than 5% of the time. BOGON filtering by Internet Service Providers means they aren’t seen on public networks today. However, good hackers are very aware of bogon networks and can use them for targeted attacks and exploits. For example, they’re often used by hackers conducting Distributed Denial-of-Service (DDoS) attack. This is because bogon packets can’t be traced back to a real host or source. 

Many technologies help protect you from bogon attacks including: 

In addition to these actions, it’s critical that your organization adopts cybersecurity awareness training, phishing tests, policy guidance, and dark web reporting to ensure your company is properly secured online today. 

https://youtu.be/eXC87A5e0aQ

Sources: 

TechTarget

RuleGate

Additional Reading:

Bogons: Don’t Let Them In or Through Your Networks

Related Terms:

Firewall

IPSec

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Make Phishing Training Count with HootPhish

Make Phishing Training Count with HootPhish

Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...

Read more
Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...

Read more
CyberHoot Newsletter – May 2025

CyberHoot Newsletter – May 2025

Welcome to CyberHoot's May Newsletter! This month, we're spotlighting key developments in the cyber threat...

Read more