Pekka Savola wrote:

> On Mon, 28 May 2007, Vishwas Manral wrote:
>> I noticed one more security issue like the Destination options header
>> attack. A packet is sent by using a destination header as a Multicast
>> Group address, and source address of the machine to be attacked. A
>> random Option type is added to the destination Options header, which
>> has the highest order two bits as 10 (send ICMP Reply to the source).
>>
>> The above would cause ICMP packets to be sent to the source address
>> from all members of the multicast group to the source. This could very
>> easily overwhelm the source.
>
> AFAICS, I don't see how this attack would be very effective. Multicast
> forwarding algorithms check (for loop prevention) that a packet destined
> to a multicast address comes from a topologically RPF-wise correct
> direction. So unless you assume a router has been compromised (and all
> bets are off) basically you can only spoof an address inside the subnet
> where the attacker is, but I don't see this as a very useful attack
> myself because it'd be more effective to attack directly.
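The two mechanisms argued about above, modelled in Python as an added illustration (this is not code from the thread or from any IETF document): the receiver-side handling of an unrecognized Destination Option according to the RFC 2460 section 4.2 action bits, where `10` sends an ICMPv6 Parameter Problem (type 4, code 2) even when the destination is multicast while `11` suppresses it for multicast, and the RPF check a multicast router applies to the source address. All addresses, interface names, the routing table and the option type 0xa5 are constructed for the example; the receiver only knows the Pad1/PadN options, so any other type is treated as unrecognized.

```python
"""Added example: Destination Options action bits (RFC 2460 section 4.2)
and a multicast RPF check. Addresses, interfaces and routes are constructed."""
import ipaddress
import struct

NEXT_HDR_DEST_OPTS = 60
NEXT_HDR_NONE = 59
ICMP6_PARAM_PROBLEM = 4
ICMP6_CODE_UNRECOGNIZED_OPTION = 2
PAD_OPTIONS = frozenset({0, 1})          # Pad1 and PadN: the only options we "know"


def build_packet(src, dst, option_type, option_data=b"\x00" * 4):
    """IPv6 header followed by a Destination Options header that carries one
    option of the given type. The extension header is padded to 8 octets."""
    body = bytes([option_type, len(option_data)]) + option_data
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body += b"\x00"                                     # Pad1
    elif pad > 1:
        body += bytes([1, pad - 2]) + b"\x00" * (pad - 2)   # PadN
    ext_hdr = bytes([NEXT_HDR_NONE, (2 + len(body)) // 8 - 1]) + body
    # Version 6, traffic class/flow label 0, payload length, next header, hop limit.
    ip6 = struct.pack("!IHBB", 6 << 28, len(ext_hdr), NEXT_HDR_DEST_OPTS, 64)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + ext_hdr


def process_dest_options(pkt):
    """Walk the Destination Options header as a receiving host would.
    Returns (verdict, icmp) where icmp is None or (type, code, pointer) of the
    ICMPv6 Parameter Problem to be sent back to the packet's source address."""
    dst = ipaddress.IPv6Address(pkt[24:40])
    if pkt[6] != NEXT_HDR_DEST_OPTS:
        return ("accept", None)
    off = 40
    end = off + (pkt[off + 1] + 1) * 8
    pos = off + 2
    while pos < end:
        opt_type = pkt[pos]
        if opt_type == 0:                    # Pad1 has no length octet
            pos += 1
            continue
        length = pkt[pos + 1]
        if opt_type not in PAD_OPTIONS:
            action = opt_type >> 6           # highest-order two bits
            if action == 0b01:
                return ("discard", None)
            if action == 0b10:               # ICMP regardless of multicast destination
                return ("discard", (ICMP6_PARAM_PROBLEM, ICMP6_CODE_UNRECOGNIZED_OPTION, pos))
            if action == 0b11:               # ICMP only if destination is not multicast
                if dst.is_multicast:
                    return ("discard", None)
                return ("discard", (ICMP6_PARAM_PROBLEM, ICMP6_CODE_UNRECOGNIZED_OPTION, pos))
            # action 0b00: skip over the option and keep processing
        pos += 2 + length
    return ("accept", None)


def rpf_check(src, ingress_iface, unicast_routes):
    """Multicast RPF check: forward only if the packet arrived on the interface
    the unicast routing table (longest prefix match) uses to reach its source."""
    src = ipaddress.IPv6Address(src)
    best = None
    for prefix, iface in unicast_routes:
        net = ipaddress.IPv6Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best is not None and best[1] == ingress_iface


# Constructed topology: attacker's subnet on eth0, victim's subnet on eth1.
ROUTES = [("2001:db8:a::/64", "eth0"), ("2001:db8:b::/64", "eth1"), ("::/0", "eth2")]

if __name__ == "__main__":
    spoofed = build_packet("2001:db8:b::10", "ff0e::1234", 0xa5)   # action bits 10
    print("victim would receive ICMP:", process_dest_options(spoofed))
    print("router forwards spoofed source from eth0:", rpf_check("2001:db8:b::10", "eth0", ROUTES))
    print("router forwards on-subnet source from eth0:", rpf_check("2001:db8:a::66", "eth0", ROUTES))
```

The packet builder shows why the `10` action matters for the amplification idea: with option type 0xa5 every group member that does not recognize the option answers the spoofed source, whereas 0xe5 (action `11`) yields no ICMP for a multicast destination. `rpf_check` shows Pekka's objection: the router drops the spoofed packet because the claimed source lies behind a different interface than the one it arrived on, so only sources inside the attacker's own subnet pass.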
I completely agree with Pekka on this one. Multicast forwarding is driven by the RPF check. If you try to spoof the source address of a multicast packet, you would have to be on the same subnet as your victim. So I don't see the vulnerability here.

Regards,
Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------