Martians Among Us: Observing Private or Reserved IPs on the Public Internet

📅 2025-01-28
🤖 AI Summary
This study reveals widespread traversal of private/reserved IP addresses (e.g., RFC 1918) across public Internet paths, exposing pervasive failure of Source Address Validation (SAV), which severely impedes DDoS attack traceback and degrades network hygiene. Method: Leveraging CAIDA Ark traceroute, RIPE RIS, and RouteViews BGP data from 2017–2023, we construct the first cross-AS joint traceroute–BGP analysis framework and introduce Bogon traffic inter-AS forwarding rate as a novel metric for quantifying network hygiene. Contribution/Results: We observe private-IP-containing paths at 82.69%–97.83% of measurement nodes; 19.70% of traceroutes contain RFC 1918 source addresses. We identify >13,000 ASes forwarding Bogon traffic, among which 62% are labeled “compliant” by MANRS/Spoofer yet fail to filter private-source packets—revealing critical gaps in current compliance assessments. Finally, we propose fine-grained, operationally actionable recommendations for deploying BCP 38/84.

📝 Abstract
Spoofed traffic has been identified as one of the main issues of concern for network hygiene nowadays, as it facilitates Distributed Denial-of-Service (DDoS) attacks by hiding their origin and complicating forensic investigations. Some indicators of poor network hygiene are packets with Bogon or Martian source addresses representing either misconfigurations or spoofed packets. Despite the development of Source Address Validation (SAV) techniques and guidelines such as BCP 38 and BCP 84, Bogons are often overlooked in the filtering practices of network operators. This study uses traceroute measurements from the CAIDA Ark dataset, enriched with historical BGP routing information from RIPE RIS and RouteViews, to investigate the prevalence of Bogon addresses over seven years (2017-2023). Our analysis reveals widespread non-compliance with best practices, with Bogon traffic detected across thousands of ASes. Notably, 82.69%-97.83% of CAIDA Ark vantage points observe paths containing Bogon IPs, primarily RFC1918 addresses. Additionally, 19.70% of all analyzed traceroutes include RFC1918 addresses, while smaller proportions involve RFC6598 (1.50%) and RFC3927 (0.10%) addresses. We identify more than 13,000 unique ASes transiting Bogon traffic, with only 11.64% appearing in more than half of the measurements. Cross-referencing with the Spoofer project and MANRS initiatives shows a concerning gap: 62.67% of ASes that do not filter packets with Bogon sources are marked as non-spoofable, suggesting incomplete SAV implementation. Our contributions include an assessment of network hygiene using the transiting of Bogon packets as a metric, an analysis of the main types of Bogon addresses found in traceroutes, and several proposed recommendations to address the observed gaps, enforcing the need for stronger compliance with best practices to improve global network security.
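
The per-category percentages in the abstract come from classifying traceroute hop addresses against the RFC 1918, RFC 6598 and RFC 3927 ranges. The following is an added example, not the paper's code, that does this with Python's `ipaddress` module; the function names and the sample traces are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Bogon categories reported in the abstract, keyed by the defining RFC.
BOGON_RANGES = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],  # private
    "RFC6598": ["100.64.0.0/10"],   # shared address space (carrier-grade NAT)
    "RFC3927": ["169.254.0.0/16"],  # IPv4 link-local
}
_NETS = [(rfc, ipaddress.ip_network(n)) for rfc, nets in BOGON_RANGES.items() for n in nets]


def classify_hop(addr):
    """Return the RFC label of a bogon hop address, or None for any other hop."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # non-responding hop ("*") or unparsable field
    for rfc, net in _NETS:
        if ip in net:
            return rfc
    return None


def bogon_share(traces):
    """Percentage of traceroutes with at least one hop in each category."""
    if not traces:
        return {rfc: 0.0 for rfc in BOGON_RANGES}
    hits = Counter()
    for hops in traces:
        # Count each category once per traceroute, however many hops match.
        for rfc in {classify_hop(h) for h in hops} - {None}:
            hits[rfc] += 1
    return {rfc: round(100.0 * hits[rfc] / len(traces), 2) for rfc in BOGON_RANGES}


# Constructed sample: each list is the hop addresses of one traceroute.
# Documentation addresses (RFC 5737) stand in for public routers.
SAMPLE_TRACES = [
    ["192.168.1.1", "10.20.0.1", "198.51.100.7", "203.0.113.9"],
    ["198.51.100.1", "*", "100.64.3.2", "203.0.113.20"],
    ["198.51.100.1", "172.32.0.1", "203.0.113.30"],  # 172.32.0.1 is outside 172.16.0.0/12
    ["169.254.10.1", "192.0.2.1", "203.0.113.40"],
    ["198.51.100.1", "172.31.255.254", "203.0.113.50"],
]

if __name__ == "__main__":
    print(bogon_share(SAMPLE_TRACES))
```
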

Problem

Research questions and friction points this paper is trying to address.

Bogon Traffic
Network Security
DDoS Attacks

Innovation

Methods, ideas, or system contributions that make the work stand out.

Bogon Analysis
Network Security
SAV Improvement