On Mon, 28 May 2007, Vishwas Manral wrote:
> I noticed one more security issue like the Destination options header
> attack. A packet is sent by using a destination header as a Multicast
> Group address, and source address of the machine to be attacked. A
> random Option type is added to the destination Options header, which
> has the highest order two bits as 10 (send ICMP Reply to the source).
> The above would cause ICMP packets to be sent to the source address
> from all members of the multicast group to the source. This could very
> easily overwhelm the source.

AFAICS, I don't see how this attack would be very effective.
Multicast forwarding algorithms check (for loop prevention) that a
packet destined to a multicast address comes from a topologically
RPF-wise correct direction. So unless you assume a router has been
compromised (and all bets are off) basically you can only spoof an
address inside the subnet where the attacker is, but I don't see this
as a very useful attack myself because it'd be more effective to
attack directly.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
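
Added example, not part of the original messages: a detection-side check for the pattern discussed in this thread, a multicast destination combined with an unrecognized Destination Options option whose two high-order type bits are 10, which RFC 2460 says elicits an ICMP Parameter Problem even for multicast destinations. The function names, the set of "known" options and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

NH_DEST_OPTS = 60              # Next Header value: Destination Options
KNOWN_OPTIONS = {0x00, 0x01}   # Pad1, PadN (assumption: receiver knows no others)
ACTIONS = {0: "skip", 1: "discard", 2: "discard+icmp-always",
           3: "discard+icmp-unless-multicast"}

def first_unknown_action(packet: bytes):
    """Return (dst_is_multicast, action), where action is what the two
    high-order bits of the first unrecognized, non-skippable option demand,
    or None if every option is known or skippable."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    dst = ipaddress.IPv6Address(packet[24:40])
    if packet[6] != NH_DEST_OPTS:
        return dst.is_multicast, None
    if len(packet) < 42:
        raise ValueError("truncated Destination Options header")
    end = 40 + (packet[41] + 1) * 8    # Hdr Ext Len: 8-octet units past the first
    if len(packet) < end:
        raise ValueError("truncated Destination Options header")
    i = 42
    while i < end:
        opt_type = packet[i]
        if opt_type == 0x00:           # Pad1 is a single octet, no length field
            i += 1
            continue
        if i + 1 >= end or i + 2 + packet[i + 1] > end:
            raise ValueError("option overruns header")
        action = ACTIONS[opt_type >> 6]
        if opt_type not in KNOWN_OPTIONS and action != "skip":
            return dst.is_multicast, action
        i += 2 + packet[i + 1]
    return dst.is_multicast, None

def should_flag(packet: bytes) -> bool:
    """True for the pattern in the thread: multicast destination plus an
    unknown option whose type bits are 10."""
    is_mcast, action = first_unknown_action(packet)
    return is_mcast and action == "discard+icmp-always"

def sample_packet(dst: str, opt_type: int) -> bytes:
    """Constructed test input: IPv6 header + one 8-octet Destination Options header."""
    hdr = struct.pack("!IHBB", 6 << 28, 8, NH_DEST_OPTS, 64)
    hdr += ipaddress.IPv6Address("2001:db8::1").packed + ipaddress.IPv6Address(dst).packed
    return hdr + bytes([59, 0, opt_type, 4, 0, 0, 0, 0])   # 59 = No Next Header
```

An option type with high-order bits 11 is not flagged because receivers suppress the ICMP error for multicast destinations in that case; only the 10 encoding produces a reply from each group member.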