Hi,

I'm not sure if this attack is all that serious, since there is always an RPF check for multicast.

As it says in the draft:

    It should be noted that if the multicast RPF check is used (e.g. to
    prevent routing loops), this would prevent an attacker from forging
    the Source Address of a packet to an arbitrary value, thus preventing
    an attacker from launching this attack against a remote network.
    Chapter 5 of [Juniper2010] discusses multicast RPF configuration for
    Juniper routers.

If you read chapter 5, it starts out by explaining how the RPF check is always done for multicast. Due to the RPF check, the possibility of spoofing is significantly reduced, just like it is when using unicast RPF. Hence I don't think this attack vector is that serious.

Unless I'm missing something, I don't think it is worth making the proposed change.

Stig

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
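The multicast RPF check the message relies on, as an added illustration that is not part of the original post or of the draft it discusses. It models what a router does with every multicast packet: look up the packet's source address in the routing table and accept the packet only if the best route back to that source leaves through the interface the packet arrived on. The routing table, interface names and addresses are constructed for the example; they do not come from the draft or from [Juniper2010]. The last case shows the residual risk the check leaves: a source can still be forged to any address whose route points at the attacker's own ingress interface.

```python
"""
Model of a strict multicast RPF check (added example, not from the original
mailing-list message). Routing table, interfaces and addresses below are
constructed for illustration.
"""
import ipaddress
from typing import Optional

# Constructed unicast RIB as (prefix, interface the route leaves through).
# A real router would consult its unicast RIB or a dedicated multicast RIB.
RIB = [
    ("2001:db8:1::/48", "ge-0/0/0"),     # local LAN A
    ("2001:db8:2::/48", "ge-0/0/1"),     # local LAN B
    ("2001:db8:ffff::/48", "ge-0/0/2"),  # a remote network, reached upstream
    ("::/0", "ge-0/0/2"),                # default route towards the upstream
]


def lookup_route(src: str) -> Optional[str]:
    """Longest-prefix match of src against RIB; returns the egress interface
    towards src, or None if nothing matches."""
    addr = ipaddress.ip_address(src)
    best_iface, best_len = None, -1
    for prefix, iface in RIB:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_iface, best_len = iface, net.prefixlen
    return best_iface


def rpf_check(src: str, ingress_iface: str) -> bool:
    """Strict RPF: the packet passes only if the route back to its source
    address leaves through the interface the packet came in on."""
    return lookup_route(src) == ingress_iface


def forward_multicast(src: str, group: str, ingress_iface: str) -> str:
    """Forwarding decision for a multicast packet: 'forward' or 'drop'."""
    if not ipaddress.ip_address(group).is_multicast:
        return "drop"  # not a multicast destination at all
    return "forward" if rpf_check(src, ingress_iface) else "drop"


if __name__ == "__main__":
    GROUP = "ff0e::1"
    # Legitimate host on LAN A sending to the group.
    print(forward_multicast("2001:db8:1::10", GROUP, "ge-0/0/0"))    # forward
    # Remote attacker (arrives via upstream) forging a LAN A source address:
    # the route to 2001:db8:1::10 points at ge-0/0/0, not ge-0/0/2, so RPF
    # fails and the packet is dropped.
    print(forward_multicast("2001:db8:1::10", GROUP, "ge-0/0/2"))    # drop
    # Remote network's own address arriving from upstream passes.
    print(forward_multicast("2001:db8:ffff::5", GROUP, "ge-0/0/2"))  # forward
    # Residual risk: an attacker on LAN A can still forge any source inside
    # 2001:db8:1::/48, because those routes point back at its own interface.
    print(forward_multicast("2001:db8:1::dead", GROUP, "ge-0/0/0"))  # forward
```

The check constrains a forged source to the set of prefixes the router routes via the attacker's ingress interface, which is why the message calls spoofing "significantly reduced" rather than eliminated; an attacker who is off-path for the claimed source is dropped outright.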