Bogon IP Address



  • Avatar

    This IP address is a link-local, likely self-assigned IP address. This means the traffic you are seen is local ... Since the direction is outbound/download, your device is receiving this data. 

    I don't think you can block this IP, since it is a local address, and unless your service provider does something tricky to it, the IP address is only unique within your LAN. Why firewalla getting it is strange. 

    What/who is your service provider? Can you try to ping this address and see if it is routed to your ISP?

    On question (2), firewalla can't see the details, you will need something running on the OS to see exactly what being downloaded. 


    Comment actions Permalink
  • Avatar
    James Willhoite

    Do you have TimeMachine set up on a network device? My Mac recently did a TimeMachine backup about that size due to the Update Apple just rolled out. I have a server that offers up a TimeMachine for my Mac to backup to. It is strange with that IP address as @Firewalla states, that ip is typically a Self Assigned IP address.

    Comment actions Permalink
  • Avatar
    Denzil Cousins

    Hi Firewalla Team and James Willhoite.  Many thanks for your responses, they are very much appreciated.

    Apologies for delay responding, I thought I'd set up an alert for any posts but I hadn't, so only just checked back.

    I think you are both correct!  

    Apologies to FW Team as I looked up the IP address and a TP Site stated 'Bogon' so started panicking a bit!  Now knowing it is network assigned leads me to conclusion that James suggested as I had trouble with 'finding' my Time Machine on the Network around that time.  I think I may have applied some over-zelous 'rules' to the Time Machine by 'restricting internet access' through Device Management and, given the TM is on a separate ethernet port on the FWG and Wireless access is turned off the device, perhaps I had promoted the TM to be assigned a local IP address that looked unusual (as above) and then my Mac backed up to it - hence the large transfer size.  

    During the process of trying to fix the network not being able to see the TM, I messed around (technical term) with the TM device and Group settings, even resorting to trying to plug the TM into one of my TP Link Deco WAPs and tryning to access it via Wifi instead of via my usual route of Mac-Netgear Ethernet Switch-FWG.  It seems to have been backing up fine since then with no mysterious IP addresses. TM is back on FWG Port directly now.

    My poorly educated guess is that a device (the TM) with 'Internet Access Block' via FWG may be assigned an unusual IP address as opposed something in the expected range - or perhaps it was a combination of this plus having my TM on a separate port.  I did this primarily as a defence against the TM being accessed from internet.  I may try the device restriction again to see what happens and report back if I have a similar IP address assigned.

    Thanks again for your help folks.


    Comment actions Permalink

Please sign in to leave a comment.