Hello, On Sun, Jul 27, 2003 at 02:52:54PM +0200, Nir Arad wrote:
> Should a node (a router) check the validity of the mapping of IPv6 > multicast destination address into the Ethernet MAC multicast address? In a weak sense, they do this automatically, by a) implementing a MAC multicast filter representing the subscribed IP multicast group list, thus only receiving correct packets b) checking for what IP group the received packets are, and discarding the wrong ones in one way or other. Now, this is only a very weak check, because: a1) most hardware multicast filters are leaking ab2) a node can subscribe to multiple groups, probably mapped to different MAC multicast addresses. Thus nodes subscribed to addresses A and B don't normally know if a message for group A was received at MAC(B). If I understand correctly, this is your concern. I can't think of a way this is a security problem - can you point this out please? With the exception that a DOS might be mounted by sending packets to the wrong MAC address that are later discarded... But you'll have to stop them at the source, not at the receivers, to prevent the DOS. Regards, -is
pgp00000.pgp
Description: PGP signature