Hi Jinmei,
> > However this still leaves room for attacks upstream from any router
> > downstream in the Multicast tree.
> I simply don't understand how this can effectively be done...
Maybe I am missing the point then. A router can set the source
address as any of the upstream addresses, whether in the multicast tree
or not. As the address is upstream according to the RPF check the
check does not fail. All downstream hosts, that process the packet,
actually send an ICMP packet to the spoofed source address. This
source can then get overwhelmed. Another case as pointed out was if
the IP address was in the same network.
Is there something I am missing in the whole argument here?
Thanks,
Vishwas
On 5/30/07, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> wrote:
At Wed, 30 May 2007 09:32:58 -0700,
"Vishwas Manral" <[EMAIL PROTECTED]> wrote:
> However this still leaves room for attacks upstream from any router
> downstream in the Multicast tree.
I simply don't understand how this can effectively be done...
> Also I am unsure, but if we
> can tunnel such multicast packets, then we get over the whole factor
> of RPF, by being able to send a packet from anywhere on the internet.
Sorry, but I don't buy the argument of "if we could do something very
powerful which is actually impossible it would cause a very bad
thing." What I wanted to see is a realistic attack scenario.
> However if the consensus is that the issue is not very practical in
> live networks then I will just drop the discussion here.
I don't know if that's the consensus of the wg; I simply stated my
opinion in response to a question to myself. But at least I've not
been convinced about what you explained so far.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------