Martian packet
A Martian packet is an IP packet which specifies a source or destination address that is reserved for special-use by Internet Assigned Numbers Authority (IANA). If seen on the public internet, these packets cannot actually originate as claimed, or be delivered.[1] However, certain reserved addresses can be routed using multicast, or on private networks, local links, or loopback interfaces, depending on which special-use range they fall within.[2]
Martian packets commonly arise from IP address spoofing in denial-of-service attacks,[3] but can also arise from network equipment malfunction or misconfiguration of a host.[1]
The name is derived from packet from Mars, a place from which packets clearly can not originate.[4]
Contents
IPv4
Martians include bogons and packets with source or destination addresses within special-use ranges:[2]
-
Address Block Present Use 0.0.0.0/8 "This" network[5] 10.0.0.0/8 Private-use networks[6] 100.64.0.0/10 Carrier-grade NAT[7] 127.0.0.0/8 Loopback[5] 127.0.53.53 Name Collision Occurrence (listing in server logs denotes a collision in DNS.) [8] 169.254.0.0/16 Link local[9] 172.16.0.0/12 Private-use networks[6] 192.0.0.0/24 IETF protocol assignments[10] 192.0.2.0/24 TEST-NET-1[11] 192.168.0.0/16 Private-use networks[6] 198.18.0.0/15 Network interconnect device benchmark testing[12] 198.51.100.0/24 TEST-NET-2[11] 203.0.113.0/24 TEST-NET-3[11] 224.0.0.0/4 Multicast[13] 240.0.0.0/4 Reserved for future use[5] 255.255.255.255/32 Limited broadcast[14][15]
IPv6
Martian IPv6 packets include bogons and those having source or destination addresses with the following special-use prefixes:[16]
-
Address Block Present Use ::/128 Node-scope unicast unspecified address[17] ::1/128 Node-scope unicast loopback address[17] ::ffff:0:0/96 IPv4-mapped addresses[17] ::/96 IPv4-compatible addresses[17] 100::/64 Remotely Triggered Black Hole addresses[18] 2001:10::/28 Overlay Routable Cryptographic Hash IDentifiers (ORCHID)[19] 2001:db8::/32 Documentation prefix[20] fc00::/7 Unique local addresses (ULA)[21] fe80::/10 Link-local unicast[17] fec0::/10 Site-local unicast (deprecated)[22] ff00::/8 Multicast[17] (Note: ff0e:/16 is global scope and may appear on the global internet.)
6to4 is an IPv6 transition technology where the IPv6 address encodes the originating IPv4 address such that every IPv4 /32 has a corresponding, unique IPv6 /48 prefix. Because 6to4 relays use the encoded value for determining the end site of the 6to4 tunnel, 6to4 addresses corresponding to IPv4 martians are not routable and should never appear on the public internet. The 6to4 martians are as follows:
-
IPv4 Martian 6to4 Prefix 0.0.0.0/8 2002::/24 10.0.0.0/8 2002:a00::/24 127.0.0.0/8 2002:7f00::/24 169.254.0.0/16 2002:a9fe::/32 172.16.0.0/12 2002:ac10::/28 192.0.0.0/24 2002:c000::/40 192.0.2.0/24 2002:c000:200::/40 192.168.0.0/16 2002:c0a8::/32 198.18.0.0/15 2002:c612::/31 198.51.100.0/24 2002:c633:6400::/40 203.0.113.0/24 2002:cb00:7100::/40 224.0.0.0/4 2002:e000::/20 240.0.0.0/4 2002:f000::/20 255.255.255.255/32 2002:ffff:ffff::/48
Teredo is another IPv6 transition technology that encodes the originating IPv4 address in the IPv6 address. However, the encoding format encodes the Teredo server address and tunnel information before the IPv4 client address. Thus there is no definable set of prefixes more specific than 2001:0::/32 for Teredo packets with martian end-site addresses. It is, however, possible to spoof Teredo packets with the Teredo server IPv4 address set to a martian. The list of martian Teredo server address prefixes is as follows:
-
IPv4 Martian Teredo Server Address Prefix 0.0.0.0/8 2001::/40 10.0.0.0/8 2001:0:a00::/40 127.0.0.0/8 2001:0:7f00::/40 169.254.0.0/16 2001:0:a9fe::/48 172.16.0.0/12 2001:0:ac10::/44 192.0.0.0/24 2001:0:c000::/56 192.0.2.0/24 2001:0:c000:200::/56 192.168.0.0/16 2001:0:c0a8::/48 198.18.0.0/15 2001:0:c612::/47 198.51.100.0/24 2001:0:c633:6400::/56 203.0.113.0/24 2001:0:cb00:7100::/56 224.0.0.0/4 2001:0:e000::/36 240.0.0.0/4 2001:0:f000::/36 255.255.255.255/32 2001:0:ffff:ffff::/64
See also
References
- ↑ 1.0 1.1 RFC 1812 - Requirements for IP Version 4 Routers
- ↑ 2.0 2.1 RFC 6890 - Special Use IPv4 Addresses
- ↑ RFC 3704 - Ingress Filtering for Multihomed Networks
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 5.0 5.1 5.2 RFC 1122 - Requirements for Internet Hosts
- ↑ 6.0 6.1 6.2 RFC 1918 - Address Allocation for Private Internets
- ↑ RFC 6598 - IANA-Reserved IPv4 Prefix for Shared Address Space
- ↑ https://www.icann.org/news/announcement-2-2014-08-01-en
- ↑ RFC 3927 - Dynamic Configuration of IPv4 Link-Local Addresses
- ↑ RFC 5736 - IANA IPv4 Special Purpose Address Registry
- ↑ 11.0 11.1 11.2 RFC 5737 - IPv4 Address Blocks Reserved for Documentation
- ↑ RFC 2544 - Benchmarking Methodology for Network Interconnect Devices
- ↑ RFC 3171 - IANA Guidelines for IPv4 Multicast Address Assignments
- ↑ RFC 919 - Broadcasting Internet Datagrams
- ↑ RFC 922 - Broadcasting Internet Datagrams in the Presence of Subnets
- ↑ RFC 5156 - Special-Use IPv6 Addresses
- ↑ 17.0 17.1 17.2 17.3 17.4 17.5 RFC 4291 - IP Version 6 Addressing Architecture
- ↑ RFC 6666 - A Discard Prefix for IPv6
- ↑ RFC 4843 - An IPv6 Prefix for Overlay Routable Cryptographic Hash Identifiers (ORCHID)
- ↑ RFC 3849 - IPv6 Address Prefix Reserved for Documentation
- ↑ RFC 4193 - Unique Local IPv6 Unicast Addresses
- ↑ RFC 3879 - Deprecating Site Local Addresses