Defining Martian Addresses

The Martian Addresses page enables entering IP addresses that indicate an attack if they are seen on the network. Packets from these addresses are discarded.

The switch supports a set of reserved Martian addresses that are illegal from the point of view of the IP protocol. The supported reserved Martian addresses are:

You can also add new Martian Addresses for DoS prevention. Packets that have a Martian addresses are discarded.

To define Martian addresses:

  1. Click Security > Denial of Service Prevention > Martian Addresses. The Martian Addresses page displays.
  2. Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list.
  3. To add a Martian address click Add. The Add Martian Addresses page displays.
  4. Enter the parameters.
    • IP Version--Indicates the supported IP version. Currently, support is only offered for IPv4.
    • IP Address--Enter an IP addresses to reject. The possible values are:
      • From reserved List--Select a well-known IP address from the reserved list.
      • New IP Address--Enter an IP address.
    • Mask--Enter the mask of the IP address to define a range of IP addresses to reject. The values are:
      • Network Mask--Network mask in dotted decimal format.
      • Prefix Length--Enter the prefix of the IP address to define the range of IP addresses for which Denial of Service prevention is enabled.
  5. Click Apply. The Martian addresses are defined, and the Running Configuration file is updated.