Bogons

Introduction

Bogons are IP addresses that should not appear on the "public Internet"--that is, in interdomain traffic. Here, the "public Internet" is being distinguished from the "local/private network," which ranges from a single Ethernet segment to the entire private network of a single organization. In the private network, anything goes, including the use of addresses that are not globally unique or even reachable from outside the private network. However, addresses used on the public Internet must fall within address blocks explicitly allocated for globally unique host addressing. The full IPv4 address space is not currently, and will never be, used exclusively for globally unique host addressing. Some parts of the address space have been set aside for use solely within private networks. Other parts have been set aside for special uses, such as testing and multicast routing. And yet other parts have not been allocated for use at all.

A bogon list is a compilation of address ranges that should not be visible on the public Internet under normal operation. Some bogons do appear on the public Internet for various reasons, including

the (legitimate) use of non-globally unique addresses for router interfaces
source address spoofing in DDoS attacks
the use of unallocated address blocks for malicious or fradulent purposes (such as sending spam)

Minimal Bogon List

The set of bogons changes over time, as formerly unallocated address blocks are finally put to use or as address blocks set aside for one purpose are put to a different use. For careful analysis, it is best to use a complete bogon list that provides the exact state at the time of a given dataset. When the highest level of rigor is not necessary, the following minimal bogon list may prove useful. These bogons have existed for many years and are almost certain to remain bogons indefinitely. The list is derived from RFC 3330, "Special-Use IPv4 Addresses."

Prefix	Description
0.0.0.0/8	hosts on "this" network (RFC3330)
10.0.0.0/8	private network (RFC1918)
127.0.0.0/8	loopback interface (RFC3330)
169.254.0.0/16	link local (RFC3330)
172.16.0.0/12	private network (RFC1918)
192.0.2.0/24	test net (for use as examples in documentation, RFC3330)
192.168.0.0/16	private network (RFC1918)
198.18.0.0/15	network device benchmarking (RFC3330)
224.0.0.0/4 (224/8 to 239/8)	multicast (RFC3330)
255.255.255.255/32	"limited broadcast" (RFC3330)

Note: RFC 3330 says 14.0.0.0/8 is "set aside for assignments to the international system of Public Data Networks." RFC 1700, "Assigned Numbers", lists a good many IP address assignments from this block. The wording of RFC 3330 doesn't exclude the possible use of these addresses on the public Internet ("Addresses within this block are assigned to users and should be treated as such.") Though it is unclear how these addresses are being used in practice, it is worth noting that 14.0.0.0/8 doesn't appear on either the Team Cymru bogon list nor the CompleteWhois bogon list (see Resources below). This suggests that it is incorrect to treat 14.0.0.0/8 as globally non-routable, and therefore, this prefix has not been included in the minimal bogon list above.

Resources

IANA IPv4 Address Space Assignments at /8 granularity. CompleteWhois has an improved (non-authoritative) version.
RFC 3330 -- "Special-Use IPv4 Addresses." CompleteWhois has a summary.
RFC 1918 -- "Address Allocation for Private Internets."
CompleteWhois bogon list based only on IANA allocations.
Team Cymru bogon list based only on IANA allocations (see Team Cymru bogon page).
CompleteWhois bogon list based on IANA allocations and WHOIS allocations (see CompleteWhois bogon page).
Bill Manning's Internet draft, "Documenting Special Use IPv4 Address Blocks that have been registered with IANA", Jan 2001.
Bogons are also called 'martians'. The RIS project at RIPE NCC collects statistics on martians; see "Martian prefixes in the RIS" and "Prefix distribution".

Young Hyun

Last modified: Wed Mar 3 15:46:49 PST 2004