Bogon Filtering

Bogon Filtering Definition
Bogon filtering is a network security practice that blocks traffic from IP addresses that should never appear on the public internet. A bogon address falls in a private range (RFC 1918), a reserved or special-purpose range (loopback, link-local, documentation, multicast), or space that IANA or a Regional Internet Registry has not yet assigned to anyone. Because no legitimate host should be sending from or to these addresses across the internet, their presence points to misconfigured systems, spoofed packets, or deliberate probing. Bogon filtering drops that traffic at the network edge before it reaches internal systems.
How Bogon Filtering Works
Bogon filtering compares the source and destination addresses of traffic crossing the network edge against a list of bogon prefixes. A packet whose source (or, for inbound traffic, destination) matches one of those prefixes is dropped. The check runs on edge routers, firewalls, or other filtering devices, on the interfaces facing the internet: inbound it catches spoofed or misrouted packets, outbound it stops the network from leaking its own private addresses.
Bogon Filtering Methods
- Static lists: Admins maintain a fixed list of bogon prefixes and update it by hand. This is simple, but a list that nobody refreshes ends up blocking space that has since been allocated.
- Dynamic feeds: The network pulls an updated list from a trusted source on a schedule, or receives it as a BGP feed from a bogon route server so that prefixes are added and withdrawn automatically. This is more reliable because allocations change over time: unallocated blocks get assigned and returned blocks get reclaimed, and the feed tracks those changes.
- Filtering rules: The list is applied through access control lists (ACLs), firewall rules, or router configuration. The mechanism depends on the device and the security policy; what matters is that the rules are regenerated whenever the list changes.
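The matching logic behind these methods is small enough to show in full. The block below is an added example, not code from the original page or from any vendor's product: it parses a prefix-per-line feed (the format public bogon lists use), collapses overlapping prefixes, decides whether a packet crossing the edge should be dropped, and renders the list as an nftables set. The feed contents are a constructed sample of well-known reserved ranges, not a current full list, and the packet addresses are made up for the demonstration.

```python
"""Bogon matcher: parse a bogon feed, check edge traffic against it, and
render the list as a firewall set. Added example, not the page's own code."""
import ipaddress
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample feed in the prefix-per-line format that public bogon
# feeds use. These are well-known private, reserved, documentation and
# multicast ranges that are never valid on the public internet. A real
# deployment loads the full current list (which also covers unallocated
# space) from a maintained feed instead of embedding it like this.
SAMPLE_BOGON_FEED = """
# IPv4
0.0.0.0/8          # "this network"
10.0.0.0/8         # RFC 1918 private
100.64.0.0/10      # RFC 6598 shared address space (CGNAT)
127.0.0.0/8        # loopback
169.254.0.0/16     # link-local
172.16.0.0/12      # RFC 1918 private
192.0.0.0/24       # IETF protocol assignments
192.0.2.0/24       # documentation (TEST-NET-1)
192.168.0.0/16     # RFC 1918 private
198.18.0.0/15      # benchmarking
198.51.100.0/24    # documentation (TEST-NET-2)
203.0.113.0/24     # documentation (TEST-NET-3)
224.0.0.0/3        # multicast, reserved and broadcast (224.0.0.0-255.255.255.255)
# IPv6: global unicast is only allocated out of 2000::/3, so everything
# outside that block is bogon; 2001:db8::/32 is the documentation prefix.
::/3
2001:db8::/32
4000::/2
8000::/1
"""


def parse_bogon_feed(text: str) -> List[Network]:
    """Parse a feed, skipping comments and blank lines. Malformed entries
    raise instead of being dropped silently (a dropped line is a gap in the
    filter). Adjacent and overlapping prefixes are collapsed so the rule
    set stays small."""
    nets: List[Network] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects host bits set (e.g. 10.1.2.3/8), usually
            # a typo in a hand-maintained static list.
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad prefix {line!r}: {exc}") from exc
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_bogon(addr: str, bogons: List[Network]) -> bool:
    """True if the address falls inside any bogon prefix of the same family."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in bogons if n.version == ip.version)


def verdict(direction: str, src: str, dst: str, bogons: List[Network]) -> str:
    """Edge-filter decision for one packet. 'in' = arriving from the
    internet, 'out' = leaving towards it. Inbound, a bogon source is spoofed
    or misrouted and a bogon destination cannot be ours; outbound, a bogon
    source means the network is leaking its internal addressing."""
    if direction == "in":
        if is_bogon(src, bogons):
            return "drop: bogon source"
        if is_bogon(dst, bogons):
            return "drop: bogon destination"
    elif direction == "out":
        if is_bogon(src, bogons):
            return "drop: leaked internal source"
        if is_bogon(dst, bogons):
            return "drop: unroutable destination"
    else:
        raise ValueError(f"unknown direction {direction!r}")
    return "accept"


def render_nft_set(name: str, bogons: List[Network], version: int) -> str:
    """Render one address family as an nftables interval set, to be placed
    inside a table and referenced by a rule such as
    'iif $wan ip saddr @bogons4 drop'."""
    elems = ", ".join(str(n) for n in bogons if n.version == version)
    typ = "ipv4_addr" if version == 4 else "ipv6_addr"
    return f"set {name} {{ type {typ}; flags interval; elements = {{ {elems} }} }}"


if __name__ == "__main__":
    bogons = parse_bogon_feed(SAMPLE_BOGON_FEED)
    # Constructed packets: (direction, source, destination).
    for pkt in [("in", "192.168.1.5", "198.41.0.4"),
                ("in", "198.41.0.4", "198.41.0.4"),
                ("out", "192.168.1.5", "198.41.0.4"),
                ("in", "2001:db8::1", "2001:4860:4860::8888")]:
        print(pkt, "->", verdict(*pkt, bogons))
    print(render_nft_set("bogons4", bogons, 4))
    print(render_nft_set("bogons6", bogons, 6))
```

The outbound branch is the part people forget: dropping packets that leave with a private source address is what keeps your own network from being the source of the noise someone else's bogon filter logs.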
What Bogon Filtering Helps Prevent
- IP spoofing: Attackers forge source addresses to hide the origin of traffic or to impersonate another host. Bogon filtering drops packets whose forged source falls in a bogon range; a forged source drawn from valid public space passes through, which is why ingress filtering is needed as well.
- Some DDoS traffic: Flood attacks often use randomly generated, spoofed source addresses, and a share of those land in bogon space. Filtering those ranges removes that share. Reflection attacks, where the spoofed source is the victim's own valid address, are unaffected.
- Network noise: Misconfigured systems and scanners generate unwanted traffic from private or reserved addresses. Bogon filtering keeps it off the network and out of the firewall logs.
Limitations of Bogon Filtering
- List accuracy: A stale bogon list blocks addresses that have since been allocated (1.0.0.0/8, for example, sat on many lists until it was assigned in 2010) and misses ranges that have since been reclassified as bogon. Every allocation change the list does not reflect is either a false positive or a gap.
- Limited coverage: Valid public IP addresses can still carry malicious traffic. Bogon filtering only removes traffic that could never be legitimate; it says nothing about the rest.
- Setup errors: Rules applied on the wrong interface or in the wrong direction block legitimate traffic (dropping RFC 1918 sources on an internal interface where the LAN uses them, for example) or leave gaps (filtering IPv4 bogons but not IPv6).
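The list-accuracy problem is easiest to catch before a refreshed list is pushed to the firewall: compare the list currently deployed with the new one and look at what changed. The block below is an added example, not code from the original page or from any feed provider. It computes which old entries (or parts of them) the new list no longer treats as bogon, so they would now block assigned space, and which new entries the old rules did not cover. Both lists are constructed: the "old" one is what a static list kept from around 2009 might contain, and the shrunken 198.18.0.0/16 entry in the "new" one is invented purely to show partial coverage.

```python
"""Audit a bogon list update: report entries that went stale and ranges the
old rules left open. Added example, not the page's own code."""
import ipaddress
from typing import Dict, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed: a static list as it might have looked in 2009.
OLD_LIST = """
1.0.0.0/8       # unallocated then; assigned to APNIC in 2010
10.0.0.0/8
198.18.0.0/15
"""

# Constructed: a current-style list. 100.64.0.0/10 was reserved in 2012
# (RFC 6598); the /16 entry is invented to show partial coverage.
NEW_LIST = """
10.0.0.0/8
100.64.0.0/10
198.18.0.0/16
"""


def parse(text: str) -> List[Network]:
    """Prefix-per-line list; '#' starts a comment."""
    lines = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(line) for line in lines if line]


def uncovered(net: Network, cover: List[Network]) -> List[Network]:
    """Parts of `net` that no prefix in `cover` contains. Two CIDR blocks
    either nest or are disjoint, so each step is a containment test or a
    carve-out; the leftovers are collapsed back into minimal prefixes."""
    remaining = [net]
    for c in cover:
        if c.version != net.version:
            continue
        nxt = []
        for r in remaining:
            if r.subnet_of(c):
                continue                          # fully covered: drop it
            if c.subnet_of(r):
                nxt.extend(r.address_exclude(c))  # carve c out of r
            else:
                nxt.append(r)                     # disjoint: untouched
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


def audit(old_text: str, new_text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """stale: old entries mapped to the parts the new list no longer marks as
    bogon. Leaving those rules in place blocks space that is now assigned.
    gaps: ranges in the new list that the old rules did not cover; until the
    rules are refreshed these pass the filter."""
    old, new = parse(old_text), parse(new_text)
    stale: Dict[str, List[str]] = {}
    for o in old:
        left = uncovered(o, new)
        if left:
            stale[str(o)] = [str(x) for x in left]
    gaps = [str(x) for n in new for x in uncovered(n, old)]
    return stale, gaps


if __name__ == "__main__":
    stale, gaps = audit(OLD_LIST, NEW_LIST)
    for entry, parts in stale.items():
        print(f"REMOVE {entry}: no longer bogon -> {', '.join(parts)}")
    for g in gaps:
        print(f"ADD    {g}: not covered by current rules")
```

Run this against the deployed list and the fresh download on every refresh; an unexpected entry in the stale set is the signal to check the feed rather than to keep the old rule.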
FAQ
How does bogon filtering differ from ingress filtering?
Ingress filtering (BCP 38, RFC 2827) checks whether a packet's source address is plausible for the interface it arrived on; routers usually implement it with unicast reverse path forwarding (uRPF), dropping a packet if the route back to its source does not point out the interface it came in on. Bogon filtering is narrower: it compares addresses against a fixed list of ranges that should never be routed publicly, so it needs no routing state but catches nothing outside that list. The two complement each other, and most anti-spoofing deployments use both.
Is bogon filtering still useful?
Yes. IANA's IPv4 free pool is exhausted, so the unallocated portion of an IPv4 bogon list is small, but the private and reserved ranges never become valid, and traffic from them has no legitimate reason to reach the edge. It works best when the list is kept current and the network also uses ingress filtering and other security controls.
Does bogon filtering work with IPv6?
Yes, with IPv6-specific lists. Global unicast addresses are allocated only from 2000::/3, so the IPv6 bogon space is everything outside that block plus the reserved and unallocated prefixes inside it (the documentation prefix 2001:db8::/32, for example). IPv4 lists do not cover IPv6 at all, and the edge devices must support IPv6 filtering rules.
Who maintains bogon lists?
IANA allocates address blocks to the Regional Internet Registries, which record what has been assigned. Security groups and network providers turn that data into bogon lists (Team Cymru's bogon reference is the best known) and publish them, in some cases as BGP feeds, so admins can use them directly in their networks.
How do I implement bogon filtering?
Apply it on the edge routers or firewalls, on the interfaces facing the internet. Use a trusted bogon list, drop inbound packets whose source or destination falls in it, and drop outbound packets whose source does. Regenerate the rules whenever the list changes, preferably from the feed's automated delivery rather than by hand, and review them periodically to confirm nothing legitimate is being dropped.
