JINMEI Tatuya / 神明達哉 wrote:
> At Wed, 30 May 2007 10:48:49 -0700,
> "Vishwas Manral" <[EMAIL PROTECTED]> wrote:
> 
>>>> However this still leaves room for attacks upstream from any router
>>>> downstream in the Multicast tree.
>>> I simply don't understand how this can effectively be done...
>> Maybe I am missing the point then. A router can set the source
>> address as any of the upstream addresses, whether in the multicast tree
>> or not. As the address is upstream according to the RPF check the
>> check does not fail. All downstream hosts, that process the packet,
>> actually send an ICMP packet to the spoofed source address. This
>> source can then get overwhelmed. Another case as pointed out was if
>> the IP address was in the same network.
> 
> Okay I understand what you mean, but it still doesn't convince me.  In
> that case the returned ICMPv6 messages will most likely be forwarded
> by the attacking router, so the router would simply be able to attack
> the victim node directly with the "amplified" volume of traffic.  I
> don't see why the router would bother to trigger the errors in the
> first place.  In fact, the essential point is the same as the case
> where an attacking node is located in the same subnet as the victim.
> Pekka already pointed out that it's not a useful attack.  Since I
> already agreed with him, this example naturally isn't convincing to
> me.

More to the point, how would the attacker know it is on the multicast
tree?  That node would have to have knowledge of the multicast routing
state in the network.  If that is the case, I can think of much more
sinister attacks that could be launched.

Regards,
Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
