Bogon

10th March 2021 | Cybrary Bogon


bogon cyber term

A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned and unrouted on the Internet.  Bogons can be intentionally misused by hackers to hide their attacks by hiding their source IP address (hackers). Only connectionless (UDP/ICMP) attacks can be used in these cases, but for these forms of attack, there are many options. (See an early example in a “Ping of Death”).

IP addresses enable the Internet to function, uniquely identifying a company’s website or mail servers, and connecting  unique endpoints together for seamless and consistently reliable communication. IANA, and other Internet registries, assign and track IP address assignments.

Some IP addresses may only be considered a bogon temporarily, as the IANA registry is constantly updating and assigning new address spaces.

What does this mean for an SMB?

Hacker attacks in the early 2000s came from BOGON IP addresses as often as 60% of the time but by 2009 that had dropped down to less than 5% of the time. BOGON filtering by Internet Service Providers means they aren’t seen on public networks today. However, good hackers are very aware of bogon networks and can use them for targeted attacks and exploits. For example, they’re often used by hackers conducting Distributed Denial-of-Service (DDoS) attack. This is because bogon packets can’t be traced back to a real host or source. 

Many technologies help protect you from bogon attacks including: 

In addition to these actions, it’s critical that your organization adopts cybersecurity awareness training, phishing tests, policy guidance, and dark web reporting to ensure your company is properly secured online today. 

https://youtu.be/eXC87A5e0aQ

Sources: 

TechTarget

RuleGate

Additional Reading:

Bogons: Don’t Let Them In or Through Your Networks

Related Terms:

Firewall

IPSec

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more