The Incredible Shrinking Bogon List

As the global IPv4 free pool reduces so does the size of the IPv4 bogon list

Unless you have been marooned on a desert island you have presumably heard about the IPv4 address depletion crisis. The future of our IPv4 Internet is destined for rough times with NAT444/CGN/LSN and a marketplace for IPv4 addresses that is sure to balloon the size of BGP tables. However, with all this doom and gloom there is one silver lining on the dark cloud. The bogon list is shrinking, and so are the filters we use to block packets carrying these unallocated/reserved addresses.

Interop has graciously relinquished its 45/8 IPv4 address block back to ARIN. That adds roughly another month to the depletion countdown timers. IPv4 address exhaustion is rapidly approaching and, unfortunately, there is little anyone can do to prevent it. As more and more IPv4 address space is allocated, the amount of unallocated or reserved address space shrinks.

For many years I have been referencing the Team Cymru router hardening guides. This group maintains a current list of IPv4 bogons. A bogon is a term used for an IP address that is unallocated or reserved and should not be used on the Internet. The term bogon is a play on words that combines the word bogus and some of the terms used for subatomic particles. Another term that is synonymous with bogons is the term Martians. This is not a reference to the friendly life forms inhabiting the fourth planet in our solar system. Juniper routers refer to these unallocated addresses in the routing table as Martians.

Most organizations perform bogon filtering at their network perimeters to prevent packets with these types of addresses from crossing that boundary. Either these addresses are in use inside and the filters prevent them from escaping, or you are on the other side and you don't want someone else's bogons infiltrating your network. A popular technique for hardening routers is to eliminate the ability to route traffic for bogus IP address blocks. There is a well-defined list of IP address ranges that are not allocated by the Internet registries. Therefore, packets either destined to or sourced from these addresses are invalid and should be dropped.

I was talking with my colleague Tim Clegg the other day and we were amazed at how small the bogon list had become.

I remember back in 2007 when the bogons list had 50 entries and looked something like this (address followed by netmask):

0.0.0.0 255.0.0.0
1.0.0.0 255.0.0.0
2.0.0.0 255.0.0.0
5.0.0.0 255.0.0.0
10.0.0.0 255.0.0.0
23.0.0.0 255.0.0.0
27.0.0.0 255.0.0.0
31.0.0.0 255.0.0.0
36.0.0.0 255.0.0.0
37.0.0.0 255.0.0.0
39.0.0.0 255.0.0.0
42.0.0.0 255.0.0.0
46.0.0.0 255.0.0.0
49.0.0.0 255.0.0.0
50.0.0.0 255.0.0.0
100.0.0.0 255.0.0.0
101.0.0.0 255.0.0.0
102.0.0.0 255.0.0.0
103.0.0.0 255.0.0.0
104.0.0.0 255.0.0.0
105.0.0.0 255.0.0.0
106.0.0.0 255.0.0.0
107.0.0.0 255.0.0.0
108.0.0.0 255.0.0.0
109.0.0.0 255.0.0.0
110.0.0.0 255.0.0.0
111.0.0.0 255.0.0.0
112.0.0.0 255.0.0.0
113.0.0.0 255.0.0.0
127.0.0.0 255.0.0.0
169.254.0.0 255.255.0.0
172.16.0.0 255.240.0.0
173.0.0.0 255.0.0.0
174.0.0.0 255.0.0.0
175.0.0.0 255.0.0.0
176.0.0.0 255.0.0.0
177.0.0.0 255.0.0.0
178.0.0.0 255.0.0.0
179.0.0.0 255.0.0.0
180.0.0.0 255.0.0.0
181.0.0.0 255.0.0.0
182.0.0.0 255.0.0.0
183.0.0.0 255.0.0.0
184.0.0.0 255.0.0.0
185.0.0.0 255.0.0.0
192.0.2.0 255.255.255.0
192.168.0.0 255.255.0.0
197.0.0.0 255.0.0.0
223.0.0.0 255.0.0.0
224.0.0.0 224.0.0.0

Now the dotted-decimal aggregated bogon list has 22 entries and looks like this:

0.0.0.0 255.0.0.0
5.0.0.0 255.0.0.0
10.0.0.0 255.0.0.0
23.0.0.0 255.0.0.0
37.0.0.0 255.0.0.0
39.0.0.0 255.0.0.0
100.0.0.0 255.0.0.0
102.0.0.0 254.0.0.0
104.0.0.0 254.0.0.0
106.0.0.0 255.0.0.0
127.0.0.0 255.0.0.0
169.254.0.0 255.255.0.0
172.16.0.0 255.240.0.0
179.0.0.0 255.0.0.0
185.0.0.0 255.0.0.0
192.0.0.0 255.255.255.0
192.0.2.0 255.255.255.0
192.168.0.0 255.255.0.0
198.18.0.0 255.254.0.0
198.51.100.0 255.255.255.0
203.0.113.0 255.255.255.0
224.0.0.0 224.0.0.0

As more IPv4 addresses are allocated, the bogon list will end up as a tidy little list of only the reserved and special-use blocks. In the next 6 months or so the list could look something like this:

0.0.0.0 255.0.0.0
10.0.0.0 255.0.0.0
127.0.0.0 255.0.0.0
169.254.0.0 255.255.0.0
172.16.0.0 255.240.0.0
192.0.0.0 255.255.255.0
192.0.2.0 255.255.255.0
192.168.0.0 255.255.0.0
198.18.0.0 255.254.0.0
198.51.100.0 255.255.255.0
203.0.113.0 255.255.255.0
224.0.0.0 224.0.0.0

On the flip side of the coin, as you prepare to deploy IPv6, you will want to perform IPv6 bogon filtering at your perimeter. Below is a list of the IPv6 source and destination addresses that you will want to block at your perimeter:

::
::1
::ffff:0.0.0.0/96
::ffff:10.0.0.0/104
::ffff:127.0.0.0/104
::ffff:172.16.0.0/108
::ffff:192.168.0.0/112
::ffff:224.0.0.0/100
::ffff:240.0.0.0/100
::ffff:255.0.0.0/104
2002:e000::/20
2002:7f00::/24
2002:0000::/24
2002:ff00::/24
2002:0a00::/24
2002:ac10::/28
2002:c0a8::/32
fe80::/10
fec0::/10
fc00::/7
ff00::/8
2001:db8::/32
3ffe::/16
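To show what a bogon filter actually does with these two list formats, here is an added example (not from the original post or from Team Cymru) that parses the IPv4 "address netmask" pairs and the IPv6 CIDR entries above into networks and then drops flow records whose source or destination falls inside a bogon. The list excerpts, the sample flows and the 45.0.0.1 address (taken from the 45/8 block the post mentions, which was allocated space at the time) are constructed sample input.

```python
import ipaddress

# Constructed excerpt of the post's aggregated IPv4 list in its
# "address netmask" form (sample input, not the full Team Cymru feed).
IPV4_BOGONS = """
0.0.0.0 255.0.0.0
10.0.0.0 255.0.0.0
102.0.0.0 254.0.0.0
172.16.0.0 255.240.0.0
192.0.2.0 255.255.255.0
198.18.0.0 255.254.0.0
224.0.0.0 224.0.0.0
"""

# Constructed excerpt of the IPv6 list, which the post gives in CIDR form
# (a bare "::" is a single host, i.e. ::/128).
IPV6_BOGONS = """
::
::ffff:0.0.0.0/96
2002:c0a8::/32
fe80::/10
2001:db8::/32
"""

def parse_bogons(text):
    # Accept both formats; strict=True rejects an entry whose address is
    # not the true network address for its mask (a typo in the feed).
    nets = []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) == 2:                       # "address netmask" pair
            nets.append(ipaddress.ip_network("/".join(parts), strict=True))
        elif len(parts) == 1:                     # CIDR prefix or bare host
            nets.append(ipaddress.ip_network(parts[0], strict=True))
    return nets

def bogon_match(addr, nets):
    # Return the bogon prefix containing addr, or None if it is routable.
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in nets
                 if n.version == ip.version and ip in n), None)

def filter_flows(flows, nets):
    # Drop every (src, dst) pair touching a bogon and record which prefix
    # hit, mirroring a perimeter ACL applied in both directions.
    dropped = []
    for src, dst in flows:
        reason = bogon_match(src, nets) or bogon_match(dst, nets)
        if reason:
            dropped.append((src, dst, reason))
    return dropped
```

Feeding the full current list through parse_bogons is the easy part; the point of strict=True is that a mistyped entry fails loudly when the filter is built rather than silently matching nothing at the perimeter.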

In the meantime we can look on the bright side. Soon we will be out of IPv4 addresses, but at least our bogon filters will be small and easy to administer.

Scott
