Martian packet
A Martian packet is an IP packet seen on the public Internet that contains a source or destination address that is reserved for special use by the Internet Assigned Numbers Authority (IANA) as defined in RFC 1812, Appendix B Glossary (Martian Address Filtering). On the public Internet, such a packet either has a spoofed source address, and it cannot actually originate as claimed, or the packet cannot be delivered.[1] The requirement to filter these packets (i.e. not forward them) is found in RFC 1812, Section 5.3.7 (Martian Address Filtering).
Martian packets commonly arise from IP address spoofing in denial-of-service attacks,[2] but can also arise from network equipment malfunction or misconfiguration of a host.[1]
In Linux terminology, a Martian packet is an IP packet received by the kernel on a specific interface, while routing tables indicate that the source IP is expected on another interface.[3][4]
The name is derived from "packet from Mars", meaning that the packet seems to be not of this Earth.[5]
IPv4 and IPv6
In both IPv4 and IPv6, a Martian packet has a source address, a destination address, or both within one of the special-use ranges.[6]
Transition mechanisms
6to4
6to4 is an IPv6 transition technology where the IPv6 address encodes the originating IPv4 address such that every IPv4 /32 has a corresponding, unique IPv6 /48 prefix. Because 6to4 relays use the encoded value for determining the end site of the 6to4 tunnel, 6to4 addresses corresponding to IPv4 Martians are not routable and should never appear on the public Internet.
Teredo tunneling
Teredo is another IPv6 transition technology that encodes the originating IPv4 address in the IPv6 address. However, the encoding format encodes the Teredo server address and tunnel information before the IPv4 client address. Thus there is no definable set of prefixes more specific than 2001:0::/32 for Teredo packets with Martian end-site addresses. It is, however, possible to spoof Teredo packets with the Teredo server IPv4 address set to a Martian.
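The two encodings described above can be turned into filter prefixes and a decoder, shown here as an added example that is not part of the original article. The IPv4 range list is a subset of RFC 6890 chosen for illustration, and the function names and result labels are hypothetical.

```python
import ipaddress

# Subset of the IPv4 special-use ranges (RFC 6890). The page does not list
# them, so this selection is an assumption of the example.
IPV4_MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4",
)]

def embed_prefix(v4net, base, offset):
    """IPv6 prefix under `base` whose bits [offset, offset+32) hold v4net."""
    shift = 128 - offset - 32
    value = int(ipaddress.IPv6Address(base)) | (int(v4net.network_address) << shift)
    return ipaddress.IPv6Network((value, offset + v4net.prefixlen))

def sixtofour_martian_prefixes():
    # 6to4: the IPv4 address follows the 16-bit 2002::/16 prefix directly.
    return [embed_prefix(n, "2002::", 16) for n in IPV4_MARTIANS]

def teredo_server_martian_prefixes():
    # Teredo: the server IPv4 address follows the 32-bit 2001:0::/32 prefix.
    return [embed_prefix(n, "2001::", 32) for n in IPV4_MARTIANS]

def is_v4_martian(v4):
    return any(v4 in net for net in IPV4_MARTIANS)

def classify(addr):
    """Label an address; hypothetical helper name and labels."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return "ipv4-martian" if is_v4_martian(ip) else "ok"
    if ip.sixtofour is not None and is_v4_martian(ip.sixtofour):
        return "6to4-martian"
    if ip.teredo is not None:
        server, client = ip.teredo  # client is stored bit-inverted in the low 32 bits
        if is_v4_martian(server):
            return "teredo-martian-server"
        if is_v4_martian(client):
            return "teredo-martian-client"  # found only by decoding; no prefix matches
    return "ok"

if __name__ == "__main__":
    for net in sixtofour_martian_prefixes():
        print(net)
```

The 6to4 and Teredo-server cases reduce to static prefixes suitable for a filter list, while a Martian Teredo client address can only be found by decoding each address.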
Implementation
Some large routers have functionality specifically for filtering Martian packets and addresses.
- Juniper Junos OS has `martians`.[7]
- Cisco IOS does not have Martian Filtering, and uses `ip access-list`.[8]
- Cisco Small Business has Martian Addresses.[9]
References
- Baker, F. (June 1995). Requirements for IP Version 4 Routers. doi:10.17487/RFC1812. RFC 1812. Retrieved 2021-08-18.
- Baker, F.; Savola, P. (March 2004). Ingress Filtering for Multihomed Networks. doi:10.17487/RFC3704. BCP 84. RFC 3704. Retrieved 2021-08-18.
- "Martian sources errors showing in messages log". Retrieved 2022-07-02.
- "Red Hat Enterprise Linux 5.2 - Kernel: Martian Source Messages". Retrieved 2022-07-02.
- "Jargon File: martian". Archived from the original on 2010-12-17. Retrieved 2010-12-25.
- M. Cotton; L. Vegoda; B. Haberman (April 2013). R. Bonica (ed.). Special-Purpose IP Address Registries. IETF. doi:10.17487/RFC6890. RFC 6890. Updated by RFC 8190.
- "Recognize Martian Addresses for Routing | Junos OS | Juniper Networks". www.juniper.net. Retrieved 2024-06-04.
- "Bogon and Martian blocking on L3 Switch". community.cisco.com. 2010-06-24. Retrieved 2024-06-04.
- "Denial of Service (DoS) Martian Address Configuration on 300 Series Managed Switches". Cisco. Retrieved 2024-06-04.