I gave it attention when I set my pfSense CE, glad to see it referenced on your channel
@vitorhugopereiradesousa17212 ай бұрын
sounds like a villain race from a scifi series, never heard the name but I did know you shouldn't encounter 10.x.x.x addresses and various others on the internet
@quineloe2 ай бұрын
Yes
@scatpack10172 ай бұрын
Nope, never even occurred to me.
@sail4life2 ай бұрын
Anyone who’s been to an Australian pub knows the importance of bogan filtering.
@lukasberk2 ай бұрын
As a Brit with Ozzy mates I appreciate your comment lol
@damianchang6439Ай бұрын
What are those? I spent some time there and never heard that before. Now I think I didn't spent as much as I needed to have a complete Aussie experience 😅
@DocaTafnerАй бұрын
my ears cannot unhearing this as Vogon :D
@istvanbarta2 ай бұрын
At least it isn't poetry
@mosescosme86292 ай бұрын
it really is meant to be filtered
@D3nchanter2 ай бұрын
Don't let them read poetry to you
@thomasw442224 күн бұрын
I'm so glad you exists man ❤️
@Mister.BreadBoard6 күн бұрын
A video I can fully understand! FINALLY! Love your work great job!
@robertallison5665Ай бұрын
Your voice and information are so addicting 😂
@MuttuswamiVenugopalIyer2 ай бұрын
Keep making this i am learning a lot
@highlights9732 ай бұрын
I'm currently at the point I'm realizing I haven't learned enough 🫠
@acidtab6386Ай бұрын
"Should" sounds like a challenge
@tylerkennedy698Ай бұрын
I am aware of the addresses and filtering them but I never heard them referred to as bogons.
@usp211816Ай бұрын
Watching this reminded me I need to reconfigure my pfsense build since I wiped it clean ughhhhhh lmao. Also note to self play more often with wireshark
@mapache21852 ай бұрын
Strange thing happened during my research on Tor network. While running a TLS/SSL scan on Hidden Services or onion addresses (which should result in an error) resulted in these Bogan Addresses, unique to each onion address. Still don’t know why is this actually happened.
@jubinrajnirmal81956 күн бұрын
Upload a step by step video on how to block these bogon ip addresses.
@terrence369Ай бұрын
Why do they need to be updated dynamically? I know that IANA could THEORETICALLY assign a currently unused space, but they don't really do that so often, from what i understand...
@DingleFlopАй бұрын
Hey that's interesting... teach us Firepower and FMC sir David and firewall best practices? ☺️
@nerdy-zeig77742 ай бұрын
Thank you for sharing
@dannyonnet86Ай бұрын
Wouldn't getting that list from netgate servers be like the holy grail to greenlight a particular ip address, so then anyone with the updated list is vulnerable?
@A_barrelАй бұрын
Heyyy this is good to know!
@awesomecronk71832 ай бұрын
Why does it beed to be fetched if its a constant set of ranges?
@Barc0d327 күн бұрын
No, but I know what Vogon poetry is.
@paulsengupta971Ай бұрын
Vogon filtering oh freddled gruntbuggly
@Runepriest442Ай бұрын
Don't forget that your ISP can be using a RFC 1918 (private IP range) coming from your Internet/WAN side if you have services like VoIP or IPTV.
@DocaTafnerАй бұрын
They can, however, send it across on a different VLAN (yup, those exist on WAN) so it might not appear along your regular Internet traffic. In any case, if you're meddling with your firewall and your connection to your ISP, it should come as no surprise.
@DocaTafnerАй бұрын
I have a question, im really worried about that, i was checking my ip address in my android settings, and i found that it starts with 10... So when i checked that IP address in IPINFO i found thats it's a bogon, then i was confused if someone is actually tracking my internet traffic or its kind of security provided by the operator/phone security. Please give me a clue.
@amj408325 күн бұрын
@@amj4083don’t worry about it. There are two scenarios for that, but the most common is this one: probably that address is on your Wi-Fi interface, right? That address you see is part of your local network. Before your traffic leaves the router it goes through a process called NAT (Network Address Translation). The data you send out to the Internet has your source address changed to your public IP (which works on the Internet so the other side of the connection knows where to reply to). NAT usually happens at your router. The the other scenario is when this NAT happens at your Internet Service Provider. It’s the same process but since it’s on a massive scale, it’s called cgNAT (Carrier-grade NAT). It’s the same process, just happening a bit further down the path. This second scenario might happen on your cellular network connection (“4G”).
@DocaTafner25 күн бұрын
So almost every free proxy server you would get on the first google page?
@valrach7303Ай бұрын
Hello David. I was interested in some open-source network monitoring software. Do you have any suggestions?
@BoostedFA2 ай бұрын
Wire Shark/Ethereal.
@deang56222 ай бұрын
David I’m just want you to know that I’m enjoining your videos
@clickclick3205Ай бұрын
It's not even close. Bogon filtering is to keep swarms of billions of moths out. Your firewall is bright and attracts the moths. Also they're twice the size of a cicada. The moths are real. Welcome to Australia. Supposed to be delicious to eat though. LMAO
@Alex.The.LionnnnnАй бұрын
i heard today about bogon ip's, sir, is bogon filtering available in iptables and firewalld ? sir, am i able to generate bogon ip at my private network ?
@tuhaniatech2 ай бұрын
****Bogons sound fun for hunting. 😊
@TexasBig2 ай бұрын
Ummmm, all FW blocks all IPs and permits by exception
@jeremymead73722 ай бұрын
Very interesting
@wisteela2 ай бұрын
Oi mnr is that a saffa accent i hear?
@codmizuki97612 ай бұрын
How this address can be routed in internet ? First router not controled by a hacker will not drop the packet ?
@antoineterr62052 ай бұрын
The To address in the packet is what routers use to route the packet. The From address is not used. So the From address can be bogon and the packet will be routed to the destination. However, because the From address is not genuine, the destination cannot successfully reply back to the From address, so the hacker can't perform say, SSH, but can perform a DOS attack.
@deang56222 ай бұрын
Looks like a potential IT project for your portfolio. Question is do we have the capabilities to do this process from home. Can you make more videos on potential IT projects you can do from home. Maybe through the cloud; or EVE NG. Generating traffic too filter. Actually asking the correct questions via the net will give me the correct answers.
@derricksmalls22932 ай бұрын
Look up Pihole
@zfjames2 ай бұрын
Maybe I’m wrong but is this not just a case of blacklisting IP ranges on your routers firewall? Maybe not possible with the ISP router but you likely can with a third party router and definitely can if you’re running a dedicated firewall on e.g. a raspberry pi
@smaaack2 ай бұрын
@@smaaack I just need to do more projects with the skills I learned or read. Extended ACL concepts that may work with Snort, anything jobs may require for you to do.
@derricksmalls22932 ай бұрын
You always do a good job, but sometimes you go so fast I can't even keep up with what you're saying.
@joelrggizmo13732 ай бұрын
🤯🤯🤯🤯
@riyandone45542 ай бұрын
169.254 addresses aren't link local, it's APIPA, but anyway shouldn't be routable
@OldGrumpySad2 ай бұрын
You saying that the RFC is incorrect? There is a history of APIPA and link local. See here on Wireshark for example: wiki.wireshark.org/APIPA
@davidbombal2 ай бұрын
@@davidbombal Never argue with CCIE (c) Thanks, David, it's my fault :)
@OldGrumpySadАй бұрын
can a website detect if I'm using a remote access tool like chrome remote desktop
@zohaib93812 ай бұрын
No
@smaaack2 ай бұрын
How can an IP address be spoofed? What does it mean that it “must not exist from the Internet”? So, in an ideal world, all bogons should be blocked on all websites? Thanks
@tdrg_2 ай бұрын
Yes, these can be spoofed. They should be blocked, but are often not. One issue is that the address range changes over time as more addresses are allocated.
@davidbombal2 ай бұрын
The originating address does not exist or is not from the actual ip address it originated from. You can craft an IP packet and change the ip. An example to use this would be flooding a destination ip with bad data causing an attack that overwhelms the destination. Denial of Service attack. The attacker does not care about the reply, just flooding the destination.
@TheDevnul2 ай бұрын
how in the world do these packets make it through to a destination? how can they be routed? how can a return be routed?
@MissMyMusicAddiction2 ай бұрын
They should be blocked but we're often seen a big difference between what should be done and what is actually done. I've personally seen RFC1918 addresses routed internationally :( And for DDOS attacks, Bogon addresses could be used so the traffic doesn't get back to the actual sender.
@davidbombal2 ай бұрын
As stated there is no means of return, but they have IP anonymity. There are better ways of being anonymous(VPN, Proxy, etc), so there isn't really any reason for use other than those that are unethical like DOS, DDOS, and various other anonymous attack methods.
@hadensnodgrass34722 ай бұрын
You can still perform a DOS attack with fake From addresses in the packets.
@deang56222 ай бұрын
ok but when i am on 5g network my external ip is nated and starts with 10.x.x.x
@00Jimmy002 ай бұрын
That’s CGNAT
@AlanBerger13372 ай бұрын
Mobile networks are essentially large private networks and use NAT (or CG-NAT) like any other IPv4 network. You’ll share a public IP address with many other devices just like your home network
@smaaack2 ай бұрын
ok but still public ip starts with 10.x.x.x
@00Jimmy002 ай бұрын
Good question
@pnp3462 ай бұрын
@@00Jimmy00 This is due to CGNAT. From my understanding, the 10.x.x.x “public IP” you’re talking about is just the IP address assigned to the router your device is connected to. A single public IP address is shared among multiple routers to avoid IPv4 depletion. CGNAT is effectively NAT but with an extra layer.
Did you know about Bogon addresses?
No
I gave it attention when I set my pfSense CE, glad to see it referenced on your channel
sounds like a villain race from a scifi series, never heard the name but I did know you shouldn't encounter 10.x.x.x addresses and various others on the internet
Yes
Nope, never even occurred to me.
Anyone who’s been to an Australian pub knows the importance of bogan filtering.
As a Brit with Ozzy mates I appreciate your comment lol
What are those? I spent some time there and never heard that before. Now I think I didn't spent as much as I needed to have a complete Aussie experience 😅
my ears cannot unhearing this as Vogon :D
At least it isn't poetry
it really is meant to be filtered
Don't let them read poetry to you
I'm so glad you exists man ❤️
A video I can fully understand! FINALLY! Love your work great job!
Your voice and information are so addicting 😂
Keep making this i am learning a lot
I'm currently at the point I'm realizing I haven't learned enough 🫠
"Should" sounds like a challenge
I am aware of the addresses and filtering them but I never heard them referred to as bogons.
Watching this reminded me I need to reconfigure my pfsense build since I wiped it clean ughhhhhh lmao. Also note to self play more often with wireshark
Strange thing happened during my research on Tor network. While running a TLS/SSL scan on Hidden Services or onion addresses (which should result in an error) resulted in these Bogan Addresses, unique to each onion address. Still don’t know why is this actually happened.
Upload a step by step video on how to block these bogon ip addresses.
Why do they need to be updated dynamically? I know that IANA could THEORETICALLY assign a currently unused space, but they don't really do that so often, from what i understand...
Hey that's interesting... teach us Firepower and FMC sir David and firewall best practices? ☺️
Thank you for sharing
Wouldn't getting that list from netgate servers be like the holy grail to greenlight a particular ip address, so then anyone with the updated list is vulnerable?
Heyyy this is good to know!
Why does it beed to be fetched if its a constant set of ranges?
No, but I know what Vogon poetry is.
Vogon filtering oh freddled gruntbuggly
Don't forget that your ISP can be using a RFC 1918 (private IP range) coming from your Internet/WAN side if you have services like VoIP or IPTV.
They can, however, send it across on a different VLAN (yup, those exist on WAN) so it might not appear along your regular Internet traffic. In any case, if you're meddling with your firewall and your connection to your ISP, it should come as no surprise.
I have a question, im really worried about that, i was checking my ip address in my android settings, and i found that it starts with 10... So when i checked that IP address in IPINFO i found thats it's a bogon, then i was confused if someone is actually tracking my internet traffic or its kind of security provided by the operator/phone security. Please give me a clue.
@@amj4083don’t worry about it. There are two scenarios for that, but the most common is this one: probably that address is on your Wi-Fi interface, right? That address you see is part of your local network. Before your traffic leaves the router it goes through a process called NAT (Network Address Translation). The data you send out to the Internet has your source address changed to your public IP (which works on the Internet so the other side of the connection knows where to reply to). NAT usually happens at your router. The the other scenario is when this NAT happens at your Internet Service Provider. It’s the same process but since it’s on a massive scale, it’s called cgNAT (Carrier-grade NAT). It’s the same process, just happening a bit further down the path. This second scenario might happen on your cellular network connection (“4G”).
So almost every free proxy server you would get on the first google page?
Hello David. I was interested in some open-source network monitoring software. Do you have any suggestions?
Wire Shark/Ethereal.
David I’m just want you to know that I’m enjoining your videos
It's not even close. Bogon filtering is to keep swarms of billions of moths out. Your firewall is bright and attracts the moths. Also they're twice the size of a cicada. The moths are real. Welcome to Australia. Supposed to be delicious to eat though. LMAO
i heard today about bogon ip's, sir, is bogon filtering available in iptables and firewalld ? sir, am i able to generate bogon ip at my private network ?
****Bogons sound fun for hunting. 😊
Ummmm, all FW blocks all IPs and permits by exception
Very interesting
Oi mnr is that a saffa accent i hear?
How this address can be routed in internet ? First router not controled by a hacker will not drop the packet ?
The To address in the packet is what routers use to route the packet. The From address is not used. So the From address can be bogon and the packet will be routed to the destination. However, because the From address is not genuine, the destination cannot successfully reply back to the From address, so the hacker can't perform say, SSH, but can perform a DOS attack.
Looks like a potential IT project for your portfolio. Question is do we have the capabilities to do this process from home. Can you make more videos on potential IT projects you can do from home. Maybe through the cloud; or EVE NG. Generating traffic too filter. Actually asking the correct questions via the net will give me the correct answers.
Look up Pihole
Maybe I’m wrong but is this not just a case of blacklisting IP ranges on your routers firewall? Maybe not possible with the ISP router but you likely can with a third party router and definitely can if you’re running a dedicated firewall on e.g. a raspberry pi
@@smaaack I just need to do more projects with the skills I learned or read. Extended ACL concepts that may work with Snort, anything jobs may require for you to do.
You always do a good job, but sometimes you go so fast I can't even keep up with what you're saying.
🤯🤯🤯🤯
169.254 addresses aren't link local, it's APIPA, but anyway shouldn't be routable
You saying that the RFC is incorrect? There is a history of APIPA and link local. See here on Wireshark for example: wiki.wireshark.org/APIPA
@@davidbombal Never argue with CCIE (c) Thanks, David, it's my fault :)
can a website detect if I'm using a remote access tool like chrome remote desktop
No
How can an IP address be spoofed? What does it mean that it “must not exist from the Internet”? So, in an ideal world, all bogons should be blocked on all websites? Thanks
Yes, these can be spoofed. They should be blocked, but are often not. One issue is that the address range changes over time as more addresses are allocated.
The originating address does not exist or is not from the actual ip address it originated from. You can craft an IP packet and change the ip. An example to use this would be flooding a destination ip with bad data causing an attack that overwhelms the destination. Denial of Service attack. The attacker does not care about the reply, just flooding the destination.
how in the world do these packets make it through to a destination? how can they be routed? how can a return be routed?
They should be blocked but we're often seen a big difference between what should be done and what is actually done. I've personally seen RFC1918 addresses routed internationally :( And for DDOS attacks, Bogon addresses could be used so the traffic doesn't get back to the actual sender.
As stated there is no means of return, but they have IP anonymity. There are better ways of being anonymous(VPN, Proxy, etc), so there isn't really any reason for use other than those that are unethical like DOS, DDOS, and various other anonymous attack methods.
You can still perform a DOS attack with fake From addresses in the packets.
ok but when i am on 5g network my external ip is nated and starts with 10.x.x.x
That’s CGNAT
Mobile networks are essentially large private networks and use NAT (or CG-NAT) like any other IPv4 network. You’ll share a public IP address with many other devices just like your home network
ok but still public ip starts with 10.x.x.x
Good question
@@00Jimmy00 This is due to CGNAT. From my understanding, the 10.x.x.x “public IP” you’re talking about is just the IP address assigned to the router your device is connected to. A single public IP address is shared among multiple routers to avoid IPv4 depletion. CGNAT is effectively NAT but with an extra layer.
So why they exist
They were reserved for different reasons
Sir please send me a laptop 💻 please sir
David
Hello!