Mars Attacks!

In July 2012, a significant portion of attacks on Cloudflare were traced back to invalid or 'Martian IP addresses', which are valid but shouldn't appear on the public internet. These include internal network addresses and local private links. The largest source of these attacks was from China Telecom, followed by other networks around the world. However, it is important to note that the source IP address may be spoofed or forged in many cases, making it difficult to determine the actual origin of the attack. Additionally, some attacks involve legitimate DNS servers being tricked into sending packets to Cloudflare, resulting in a reflection attack with an amplification effect. Consequently, when analyzing layer 3/4 attacks, the source IP address is often unreliable and may not accurately represent the attacker's location.