On Sat, 16 Feb 2002, fooler wrote:
>
> ok its a very interesting that maybe someone spoof the ip address of
> 192.168.100.1 or your router is capable to relay igmp message from the
> outside of your network.
>
> multicast ip address 224.0.0.1 (all-host multicast group) can flood your
> network if all network devices are not properly configured... try to ping
> 224.0.0.1 and lots of network devices will reply if it is not properly
> configured... fortunately as you said, its frequency is every 3 minutes so
> it wont affect your network much.
>
if i'm not mistaken, 224.0.0.1 has a max lifespan (time-to-live) of 1 and
so doesnt get propagated any further from the network it came from.
that means any spoofed packet like that cant come from outside the router
(because it wont be routed) and that it originated from within the lan
itself.
but the tcpdump advice will surely catch the transmitting station unless
the source mac address is spoofed.
pong
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
