bgp hints - internet routing news, hints and tips

Posted: 2003-09-08

Category: General

Use bogon filters, but keep them up-to-date

There are several IP address ranges that should not be used on the internet. These include special-use addresses (such as 127.0.0.0/8 for the loopback interface), addresses reserved for private or future use, and address ranges not currently allocated to any of the regional internet registries (RIR's).

One way these addresses do appear on the internet is as the source addresses of distributed denial-of-service (DDoS) attacks.

To minimize the effect of such attacks, you should filter packets with bogon addresses as well as BGP route updates for bogon address ranges. Team Cymru has made a helpful bogon page showing the current list of bogons in a variety of formats, so that you can include them in your particular routing set up in a way that suits your needs.

However, you must take care to keep your bogon filters up-to-date. Over time, more and more of the IPv4 address space will be allocated by IANA to the RIR's, so addresses that are currently bogons may be valid in the future. Needless to say, it's important to keep track of these changes.

As shown on 69box, this is a real problem: when IANA just allocated the 69.0.0.0/8 address, many destinations on the internet were unreachable from addresses in the 69.0.0.0/8 space, due to outdated bogon filters which still included 69.0.0.0/8.

Fortunately, the bogon page lists several methods you can use to stay up-to-date with changes in the bogon list, such as a mailing list or an automated BGP or DNS feed.

If you have any questions or comments regarding this article, please contact bgp@ruud.org.