Bogon Filtering: Saving the Internet, One Packet at a Time
Oh dreary bogon, thou spectral byte,
Lurking unseen in the routers’ night,
Thy packets flart in a miscreant’s glee,
A spurious glitch in the great IP.Bogus and baleful, thy headers do reek,
Of Martian packets with intentions oblique,
Unallocated! Unwanted! Thy nature unclear,
Like a Vogon verse, thou bringest us fear.Lo! Thou art banished, yet still thou dost roam,
Through filters unpatched, thy falsehood finds home,
Beware the link-local, the unholy spoof,
Thy phantomous routing defies the aloof.Oh bogus space, thou ether’s disgrace,
Reserved for no one, yet filling thy place,
Shall I update thee? Or leave thee to rot?
For IANA’s whim, thy fate is forgot.
Meet the Bogon
Certain IP address ranges, unclaimed by the Internet Assigned Numbers Authority (IANA) or Regional Internet Registries (RIRs), fall into the category of bogon ranges. Toss in reserved private ranges and link-local addresses, and you’ve got what’s affectionately (or not) called bogus space.
IPv4 Bogon Ranges
| Range | Description |
|---|---|
| 0.0.0.0/8 | “This” network |
| 10.0.0.0/8 | Private-use networks |
| 100.64.0.0/10 | Carrier-grade NAT |
| 127.0.0.0/8 | Loopback addresses |
| 127.0.53.53 | Name collision occurrence |
| 169.254.0.0/16 | Link-local addresses |
| 172.16.0.0/12 | Private-use networks |
| 192.0.0.0/24 | IETF protocol assignments |
| 192.0.2.0/24 | Reserved for TEST-NET-1 |
| 192.168.0.0/16 | Private-use networks |
| 198.18.0.0/15 | Network interconnect benchmarking |
| 198.51.100.0/24 | Reserved for TEST-NET-2 |
| 203.0.113.0/24 | Reserved for TEST-NET-3 |
| 224.0.0.0/4 | Multicast addresses |
| 240.0.0.0/4 | Reserved for future use |
| 255.255.255.255/32 | Limited broadcast address |
IPv6 Bogon Ranges
| Range | Description |
|---|---|
| ::/128 | Node-scope unicast unspecified address |
| ::1/128 | Node-scope unicast loopback address |
| ::ffff:0:0/96 | IPv4-mapped addresses |
| ::/96 | IPv4-compatible addresses |
| 100::/64 | Remotely triggered black hole addresses |
| 2001:10::/28 | Overlay routable cryptographic hash identifiers |
| 2001:db8::/32 | Documentation prefix |
| fc00::/7 | Unique local addresses (ULA) |
| fe80::/10 | Link-local unicast addresses |
| fec0::/10 | Site-local unicast addresses (deprecated) |
| ff00::/8 | Multicast addresses |
Additional IPv6 Bogon Ranges
| IPv6 Range | Corresponding IPv4 Bogon Range | Description |
|---|---|---|
| 2002::/24 | 0.0.0.0/8 | 6to4 bogon |
| 2002:a00::/24 | 10.0.0.0/8 | 6to4 bogon |
| 2002:7f00::/24 | 127.0.0.0/8 | 6to4 bogon |
| 2002:a9fe::/32 | 169.254.0.0/16 | 6to4 bogon |
| 2002:ac10::/28 | 172.16.0.0/12 | 6to4 bogon |
| 2002:c000::/40 | 192.0.0.0/24 | 6to4 bogon |
| 2002:c0a8::/32 | 192.168.0.0/16 | 6to4 bogon |
| 2001::/40 | 0.0.0.0/8 | Teredo bogon |
| 2001:0:a00::/40 | 10.0.0.0/8 | Teredo bogon |
| 2001:0:c0a8::/48 | 192.168.0.0/16 | Teredo bogon |
Why Bogons Matter
When implemented correctly, bogon filtering keeps the Internet safe from spoofed traffic and nefarious schemes. But here’s the twist: as IP ranges are allocated, yesterday’s bogons may become today’s legitimate addresses. If your filters aren’t updated, you might find yourself blocking real users—or worse, blaming them for your Vogon-level oversight.
Lessons from Bogon Space
In the same way Vogons have a knack for taking simple bureaucracy and inflating it into a cosmic ordeal, managing bogon filtering requires balancing simplicity with constant updates. A misstep could leave you stranded in a digital Martian desert or, worse, open the floodgates to intergalactic poetry readings.
As much as we might wish to ignore them, bogons and their analogues in poetry aren’t going away. Whether you’re configuring network filters or enduring a Vogon recital, vigilance is your greatest ally.
Until then, keep your filters sharp, your ears covered, and your towel handy. Because whether it’s bad poetry or rogue packets, you’re going to need all the help you can get.
