Dave, you are right (of course :)).
Dave Thaler wrote:
>
> Dirk Ooms writes:
> [...]
> > > All currently deployed (that I know of) multicast routing protocols
> > > employ RPF checks in some form. Roughly, this means that A
> > > has to be either on the same subnet as V (in which case all
> > > receivers will respond), or else somewhere on the multicast
> > > distribution tree used by V (in which case only those
> > > receivers down the subtree past that point will respond).
> > > If A is not on the distribution tree, then the attack
> > > generally won't work. There are a few exceptions, though,
> > > such as sending the Packet Too Big in a register message
> > > to the victim's RP in PIMSM. If V is not actually sourcing traffic
> > > to the group, and receivers are in V's domain, then a large
> > > volume could be continuously generated. (If V is sourcing
> >
> > Unless the RP immediately switches to the source tree when it receives
> > the first 'Packet Too Big' packet (which is a typical
> > configuration). In
> > this case there will only be a burst towards V. Correct?
>
> No. If V is not sourcing traffic, the SPT bit will never get
> set on the RP's state and it will continue accepting registers
> even though an (S,G) branch has been created.
> As a result, every register will continue to be forwarded
> down the (*,G) tree to all the receivers.
>
> -Dave
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
