Hello,

On Sun, Jul 27, 2003 at 02:52:54PM +0200, Nir Arad wrote:

> Should a node (a router) check the validity of the mapping of IPv6
> multicast destination address into the Ethernet MAC multicast address?

In a weak sense, they do this automatically, by 

a) implementing a MAC multicast filter representing the subscribed IP
   multicast group list, thus only receiving correct packets

b) checking for what IP group the received packets are, and discarding the 
   wrong ones in one way or other.

Now, this is only a very weak check, because:

a1) most hardware multicast filters are leaking

ab2) a node can subscribe to multiple groups, probably mapped to different
MAC multicast addresses. Thus nodes subscribed to addresses A and B don't
normally know if a message for group A was received at MAC(B). If I 
understand correctly, this is your concern.

I can't think of a way this is a security problem - can you point this out
please? With the exception that a DOS might be mounted by sending packets
to the wrong MAC address that are later discarded... But you'll have to
stop them at the source, not at the receivers, to prevent the DOS.

Regards,
        -is
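
The receiver-side check discussed in this thread, as an added example that is not part of the original message. It assumes the RFC 2464 mapping (33:33 followed by the low 32 bits of the IPv6 group address) and untagged Ethernet II frames; the group addresses, the frame builder and the result labels are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD

def expected_mac(group):
    """RFC 2464 mapping: 33:33 followed by the low 32 bits of the IPv6 group."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return b"\x33\x33" + addr.packed[-4:]

def check_frame(frame, joined):
    """Classify one frame: 'ok', 'not-joined', 'mac-mismatch' or 'ignored'."""
    if len(frame) < 14 + 40:              # Ethernet header + fixed IPv6 header
        return "ignored"
    dst_mac = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV6 or frame[14] >> 4 != 6:
        return "ignored"
    dst_ip = ipaddress.IPv6Address(frame[14 + 24:14 + 40])
    if not dst_ip.is_multicast:
        return "ignored"
    # Check (b) from the message: is the IP group one we subscribed to?
    if dst_ip not in {ipaddress.IPv6Address(g) for g in joined}:
        return "not-joined"
    # The stricter check asked about: did the packet arrive at MAC(group)?
    # A leaky filter, or a second joined group, lets MAC(B) frames through.
    if dst_mac != expected_mac(dst_ip):
        return "mac-mismatch"
    return "ok"

def build_frame(dst_mac, dst_ip):
    """Constructed sample: Ethernet header plus a bare IPv6 header, no payload."""
    src_mac = bytes.fromhex("020000000001")
    src_ip = ipaddress.IPv6Address("fe80::1").packed
    ip6 = struct.pack("!IHBB", 6 << 28, 0, 59, 1)   # version 6, no next header
    ip6 += src_ip + ipaddress.IPv6Address(dst_ip).packed
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV6) + ip6

# Constructed groups standing in for "A" and "B" in the message.
GROUP_A, GROUP_B = "ff02::1:ff00:a", "ff02::1:ff00:b"
JOINED = {GROUP_A, GROUP_B}

if __name__ == "__main__":
    for mac_of, ip in [(GROUP_A, GROUP_A), (GROUP_B, GROUP_A)]:
        frame = build_frame(expected_mac(mac_of), ip)
        print(f"group {ip} at MAC({mac_of}): {check_frame(frame, JOINED)}")
```

Because only 32 bits of the group address reach the MAC, distinct groups can share one MAC address, so a match here does not identify the group by itself; the IP-level check (b) is still needed.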
