Hi Julien, Julien Laganier wrote: > Hi Marcelo, others, > > How about including work on extensions to secure > Multicast Listener Discovery Version 2 (MLDv2) for > IPv6, along the same lines that what was done to > secure Neighbor Discovery: > > 1. protection against spoofing of multicast listener > report messages in which a rogue node unsubscribe its > target from receiving multicast traffic.
This type of attack is mitigated by the MLD state machine. When a router receives a Report that signals no more interest in a particular group it first sends out a group-specific query to ensure that interest does not exist. When that query is sent, the target node will respond that it is still interested. > > 2. protection against spoofing of multicast Listener > query messages in which a rogue node with a lower IPv6 > address than the current querier will cause querier > duties to be assigned to the rogue node. This would be useful in my opinion. Regards, Brian _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
