Fernando,

>> I'm not sure if this attack is all that serious since there is
>> always an RPF check for multicast.
>>
>> As it says in the draft:
>>
>> It should be noted that if the multicast RPF check is used (e.g.
>> to prevent routing loops), this would prevent an attacker from
>> forging the Source Address of a packet to an arbitrary value, thus
>> preventing an attacker from launching this attack against a remote
>> network.
>>
>> Chapter 5 of [Juniper2010] discusses multicast RPF configuration
>> for Juniper routers.
>>
>> If you read chapter 5 it starts out by explaining how RPF check is
>> always done for multicast.
>>
>> Due to the RPF check, the possibility of spoofing is significantly
>> reduced. Just like it is when using unicast RPF. Hence I don't think
>> this attack vector is that serious.
>
> That might help preventing an attacker to exploit this against an
> arbitrary system, but not against all nodes.

would that be other nodes than yourself and nodes on the same link as yourself?

cheers,
Ole
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------