Sunday 16 March 2025
The internet is awash with traffic that’s not quite what it seems. Bogons, packets with source addresses that don’t belong on public networks, are a ubiquitous presence in online communication. While they might seem harmless, these rogue packets can be used to launch devastating attacks, making them a major concern for network security experts.
To get a better grasp of the scale of the problem, researchers turned their attention to Bogon traffic transiting across thousands of autonomous systems (ASes). They analyzed data from CAIDA Ark, a massive dataset of internet routes and measurements, and compared it to historical BGP routing information from RIPE RIS and RouteViews.
The results are sobering. Despite the development of source address validation techniques and guidelines like BCP 38 and BCP 84, Bogon traffic is still rampant across the internet. In fact, a staggering 82% to 97% of vantage points observed paths containing Bogon IPs, primarily RFC1918 addresses reserved for private use.
The researchers also identified more than 13,000 unique ASes transiting Bogon traffic, with only 11% appearing in more than half of the measurements. This suggests that many networks are not properly filtering out these rogue packets, leaving them vulnerable to abuse.
But what’s most striking is how widespread this problem is. The researchers mapped the occurrences of Bogon traffic across countries and found that almost every nation on earth has at least some ASes transiting this type of traffic. Even more concerning, many of these nations have a high proportion of their networks affected.
To better understand the dynamics of Bogon traffic, the researchers analyzed the Jaccard similarity of ASNs transiting particular types of Bogons across months in 2023. They found that certain types of Bogons are more likely to be seen together, suggesting patterns and relationships between different networks and routes.
The study also shed light on the distribution of Bogon traffic across countries. Using a colormap, the researchers visualized the number of ASNs per country transiting Bogons. The results show a clear pattern, with many developed nations having a higher proportion of their networks affected than less developed ones.
These findings have significant implications for network security and hygiene. As the internet continues to grow and evolve, it’s essential that networks take steps to properly filter out Bogon traffic and prevent its misuse. This includes implementing robust source address validation techniques and ensuring that networks are configured correctly to block these rogue packets.
Cite this article: “The Widespread Problem of Bogon Traffic: A Threat to Network Security”, The Science Archive, 2025.
Bogon Traffic, Network Security, Internet Routing, Autonomous Systems, Ases, Source Address Validation, Bcp 38, Bcp 84, Rfc1918 Addresses, Network Hygiene.
