Dirk Ooms writes:
[...]
> > All currently deployed (that I know of) multicast routing protocols
> > employ RPF checks in some form. Roughly, this means that A
> > has to be either on the same subnet as V (in which case all
> > receivers will respond), or else somewhere on the multicast
> > distribution tree used by V (in which case only those
> > receivers down the subtree past that point will respond).
> > If A is not on the distribution tree, then the attack
> > generally won't work. There are a few exceptions, though,
> > such as sending the Packet Too Big in a register message
> > to the victim's RP in PIMSM. If V is not actually sourcing traffic
> > to the group, and receivers are in V's domain, then a large
> > volume could be continuously generated. (If V is sourcing
>
> Unless the RP immediately switches to the source tree when it receives
> the first 'Packet Too Big' packet (which is a typical
> configuration). In
> this case there will only be a burst towards V. Correct?
No. If V is not sourcing traffic, the SPT bit will never get
set on the RP's state and it will continue accepting registers
even though an (S,G) branch has been created.
As a result, every register will continue to be forwarded
down the (*,G) tree to all the receivers.
-Dave
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
