On 08/28/2013 02:38 PM, Stig Venaas wrote:
>
> I'm not sure if this attack is all that serious since there is
> always an RPF check for multicast.
>
> As it says in the draft:
>
>    It should be noted that if the multicast RPF check is used (e.g.
>    to prevent routing loops), this would prevent an attacker from
>    forging the Source Address of a packet to an arbitrary value, thus
>    preventing an attacker from launching this attack against a remote
>    network.
>
>    Chapter 5 of [Juniper2010] discusses multicast RPF configuration
>    for Juniper routers.
>
> If you read chapter 5 it starts out by explaining how RPF check is
> always done for multicast.
>
> Due to the RPF check, the possibility of spoofing is significantly
> reduced. Just like it is when using unicast RPF. Hence I don't think
> this attack vector is that serious.

That might help prevent an attacker from exploiting this against an
arbitrary system, but not against all nodes.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
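
The multicast RPF check discussed in this thread, as an added example that is not part of the messages or the draft: a packet is accepted only if it arrives on the interface the router would use to reach its source address. The routing table, interface names and packets are constructed, and `rpf_interface` and `rpf_accept` are hypothetical names.

```python
import ipaddress

# Constructed unicast routing table consulted by the RPF lookup:
# (prefix, interface the router uses to reach that prefix).
ROUTES = [
    (ipaddress.ip_network("2001:db8:1::/64"), "eth1"),  # LAN 1
    (ipaddress.ip_network("2001:db8:2::/64"), "eth2"),  # LAN 2
    (ipaddress.ip_network("::/0"), "eth0"),             # upstream default
]


def rpf_interface(src, routes=ROUTES):
    """Longest-prefix match: interface toward src, or None if no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, iface in routes:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def rpf_accept(src, ingress, routes=ROUTES):
    """Strict RPF: accept only if the packet arrived on the RPF interface."""
    return rpf_interface(src, routes) == ingress


# Constructed packets: (claimed source address, interface it arrived on).
PACKETS = [
    ("2001:db8:1::10", "eth1"),    # source consistent with LAN 1
    ("2001:db8:2::10", "eth1"),    # claims LAN 2, arrives from LAN 1
    ("2001:db8:ffff::1", "eth1"),  # claims a remote source, arrives from LAN 1
    ("2001:db8:1::99", "eth1"),    # other LAN 1 address, same RPF interface
    ("2001:db8:ffff::1", "eth0"),  # remote source arriving from upstream
]


def classify(packets=PACKETS):
    """Return (src, ingress, verdict) for each packet."""
    return [(s, i, "accept" if rpf_accept(s, i) else "drop") for s, i in packets]


if __name__ == "__main__":
    for src, ingress, verdict in classify():
        print(f"{src:20} in={ingress:5} rpf={rpf_interface(src):5} {verdict}")
```

The check ties a source address to an ingress interface, not to a host, so any two sources that resolve to the same RPF interface are indistinguishable to it.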