Open main menu

A Martian packet is an IP packet seen on the public internet that contains a source or destination address that is reserved for special-use by Internet Assigned Numbers Authority (IANA). On the public Internet, such a packet’s source address is either spoofed, and it cannot actually originate as claimed, or the packet cannot be delivered.[1]

Martian packets commonly arise from IP address spoofing in denial-of-service attacks,[2] but can also arise from network equipment malfunction or misconfiguration of a host.[1]

In Linux terminology, a martian packet is an IP packet received by the kernel on a specific interface, while routing tables indicate that the source IP is expected on another interface.

The name is derived from packet from Mars, meaning that packet seems to be not of this Earth.[3]


IPv4 and IPv6Edit

In both IPv4 and IPv6, martian packets have source or destination addresses within special-use ranges defined in RFC 6890.

Transition mechanismsEdit


6to4 is an IPv6 transition technology where the IPv6 address encodes the originating IPv4 address such that every IPv4 /32 has a corresponding, unique IPv6 /48 prefix. Because 6to4 relays use the encoded value for determining the end site of the 6to4 tunnel, 6to4 addresses corresponding to IPv4 martians are not routable and should never appear on the public Internet.

Teredo tunnelingEdit

Teredo is another IPv6 transition technology that encodes the originating IPv4 address in the IPv6 address. However, the encoding format encodes the Teredo server address and tunnel information before the IPv4 client address. Thus there is no definable set of prefixes more specific than 2001:0::/32 for Teredo packets with martian end-site addresses. It is, however, possible to spoof Teredo packets with the Teredo server IPv4 address set to a martian.

See alsoEdit


  1. ^ a b RFC 1812 - Requirements for IP Version 4 Routers
  2. ^ RFC 3704 - Ingress Filtering for Multihomed Networks
  3. ^ "Jargon File: martian".