Thus spake "Jyrki Soini" <[EMAIL PROTECTED]> > There is discussion and motivation why ICMPv6 error messages in general > case MUST NOT be send in response to multicast packets. In contrast > ICMP Echo Reply message has the following text: > > "An Echo Reply SHOULD be sent in response to an Echo Request message > sent to an IPv6 multicast or anycast address. In this case, the > source address of the reply MUST be a unicast address belonging to > the interface on which the Echo Request message was received." > > Even though ping to multicast addresses has some operational use for > instance to diagnose multicast propagation issues, I find it hard to justify > this when comparing to potential risks as an DoS attack mechanism. > Once we are updating the standard, should we make this behaviour > deprecated and write instead:
How can this possibly be used as a DoS attack? Multicast inherently prevents source address spoofing, at least outside the sender's own subnet. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
