At Wed, 30 May 2007 10:48:49 -0700,
"Vishwas Manral" <[EMAIL PROTECTED]> wrote:
> > > However this still leaves room for attacks upstream from any router
> > > downstream in the Multicast tree.
> >
> > I simply don't understand how this can effectively be done...
>
> Maybe I am missing the point then. A router can set the source
> address as any of the upstream addresses, whether in the multicast tree
> or not. As the address is upstream according to the RPF check the
> check does not fail. All downstream hosts, that process the packet,
> actually send an ICMP packet to the spoofed source address. This
> source can then get overwhelmed. Another case as pointed out was if
> the IP address was in the same network.

Okay, I understand what you mean, but it still doesn't convince me. In
that case the returned ICMPv6 messages will most likely be forwarded
by the attacking router, so the router would simply be able to attack
the victim node directly with the "amplified" volume of traffic. I
don't see why the router would bother to trigger the errors in the
first place. In fact, the essential point is the same as the case
where an attacking node is located in the same subnet as the victim.
Pekka already pointed out that it's not a useful attack. Since I
already agreed with him, this example naturally isn't convincing to
me.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------