Bogons be gone!
Hello. A critical part of running any solid internet-facing server is preventing unauthorized access to it. For example, DNS attacks are often launched from so-called bogon addresses. Who cares? Well, I do for one! These are addresses that are not supposed to appear in the wild. Some crackers use bogons to help hide their identities: after all, if the address has not been assigned, how are you supposed to track where it came from?
Terms used in this article.
What is a bogon? It is an address which is not assigned by IANA (Internet Assigned Numbers Authority). Furthermore, every region has an authorized agency that hands out addresses; these are also known as PTI (Public Technical Identifiers). Basically, there is a list of addresses that are not meant to be publicly or privately used and that, if allowed to propagate through the network, can be misused. See this article on Bogon for more complete information.
How can they be stopped?
Now that it is clear bogons are bad, how do we stop them? Many ISPs and routers are already configured to stop bogons. There is one difficulty with bogons, though: the list is dynamic and can change at any time. So, what is one to do? Fetching the list dynamically is the best answer.
First, get the list from www.cymru.org; the list address is: http://www.cymru.com/Documents/bogon-bn-agg.txt
Then a script can be written to add the entries to the firewall (the ip_spoof chain must exist before any rule jumps to it, so it is created first):

# Create the chain that logs and then drops a bogon-sourced packet.
iptables -N ip_spoof
iptables -A ip_spoof -j LOG --log-prefix "IP_SPOOF "
iptables -A ip_spoof -j DROP

# Send traffic from every listed prefix (one per line) through that chain.
while read -r ipaddr
do
    iptables -A INPUT -s "$ipaddr" -i eth0 -j ip_spoof
    iptables -A FORWARD -s "$ipaddr" -i eth0 -j ip_spoof
done < /etc/firewall/ip_spoof.list
Note: this script is just an example, so please confirm it meets your needs for bogon filtering before implementing it in your network. In other words, if you do not know what you are doing, do NOT apply this script.
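As an added example (not the post's own script, and not anything published by Team Cymru), here is a POSIX sh version of the "fetch the list dynamically" step that validates every entry before it ever reaches iptables and prints the resulting rules instead of running them, so the rule set can be reviewed or diffed before loading. The URL is the one the post cites; the chain name, interface, curl dependency and the sample list are assumptions or constructed for the demo.

```shell
#!/bin/sh
# Added example: build iptables rules from the aggregated bogon list.
# BOGON_URL is the address the post cites; IFACE and CHAIN are placeholders.
BOGON_URL="http://www.cymru.com/Documents/bogon-bn-agg.txt"
IFACE="${IFACE:-eth0}"
CHAIN="${CHAIN:-ip_spoof}"

# Constructed sample of what the list looks like (comments, blank lines and one
# deliberately malformed entry to exercise the validation step). Not live data.
SAMPLE_LIST='# constructed sample, not the live list
0.0.0.0/8
10.0.0.0/8

127.0.0.0/8
not-an-address
192.168.0.0/16'

# is_cidr: succeed only for a well-formed IPv4 prefix of the form a.b.c.d/n.
is_cidr() {
    case "$1" in
        *[!0-9./]*|"") return 1 ;;
    esac
    ip="${1%/*}"; len="${1#*/}"
    [ "$ip" != "$1" ] || return 1                     # no slash at all
    case "$ip" in */*) return 1 ;; esac                # more than one slash
    [ "$len" -ge 0 ] 2>/dev/null && [ "$len" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# filter_list: read the list on stdin, drop comments and blank lines, and keep
# only valid prefixes. Malformed lines are reported on stderr, never silently
# passed to iptables, where a bad argument would abort the whole load.
filter_list() {
    while IFS= read -r line; do
        line="${line%%#*}"
        line="$(printf '%s' "$line" | tr -d ' \t\r')"
        [ -n "$line" ] || continue
        if is_cidr "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done
}

# build_rules: print the iptables commands for the prefixes read on stdin.
# The chain is created (or flushed if it already exists) before any rule
# jumps to it, which is the ordering the post's original snippet got wrong.
build_rules() {
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    printf 'iptables -A %s -j LOG --log-prefix "IP_SPOOF "\n' "$CHAIN"
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    while IFS= read -r net; do
        printf 'iptables -A INPUT -i %s -s %s -j %s\n' "$IFACE" "$net" "$CHAIN"
        printf 'iptables -A FORWARD -i %s -s %s -j %s\n' "$IFACE" "$net" "$CHAIN"
    done
}

# count_valid: number of prefixes the constructed sample yields after filtering.
count_valid() {
    printf '%s\n' "$SAMPLE_LIST" | filter_list 2>/dev/null | wc -l | tr -d ' '
}

# fetch_and_build: the live path (assumes curl is installed). Review the output,
# then pipe it into sh as root to apply it.
fetch_and_build() {
    curl -fsS "$BOGON_URL" | filter_list | build_rules
}

# Stand-alone demo: "sh script.sh demo" prints the rules for the sample list.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LIST" | filter_list | build_rules
fi
```

Printing rather than executing is deliberate: the aggregated list changes, and a script that applies rules straight from a download with no validation turns a single malformed or truncated line into either a failed load or a rule you did not intend. With the output captured to a file you can diff it against the previous run before loading.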
More to come…
Anyway, more to come on this topic. I just wanted to get this into a post so that I do not lose it. Last, here are my to-dos:
- Complete the above script to use in my BIND9 DNS example.
- Add a script for ufw firewalls too.
References and resources: