A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned and unrouted on the Internet. Bogons can be intentionally misused by hackers to hide their attacks by hiding their source IP address (hackers). Only connectionless (UDP/ICMP) attacks can be used in these cases, but for these forms of attack, there are many options. (See an early example in a “Ping of Death”).
IP addresses enable the Internet to function, uniquely identifying a company’s website or mail servers, and connecting unique endpoints together for seamless and consistently reliable communication. IANA, and other Internet registries, assign and track IP address assignments.
Some IP addresses may only be considered a bogon temporarily, as the IANA registry is constantly updating and assigning new address spaces.
What does this mean for an SMB?
Hacker attacks in the early 2000s came from BOGON IP addresses as often as 60% of the time but by 2009 that had dropped down to less than 5% of the time. BOGON filtering by Internet Service Providers means they aren’t seen on public networks today. However, good hackers are very aware of bogon networks and can use them for targeted attacks and exploits. For example, they’re often used by hackers conducting Distributed Denial-of-Service (DDoS) attack. This is because bogon packets can’t be traced back to a real host or source.
Many technologies help protect you from bogon attacks including:
- Intrusion prevention systems; and
- Software security tools such as RuleGate which dynamically blocks and unblocks bogons on network devices.
In addition to these actions, it’s critical that your organization adopts cybersecurity awareness training, phishing tests, policy guidance, and dark web reporting to ensure your company is properly secured online today.