All things related to multicast

[Tom Pusateri <>]

I can't really think of any problems a "rogue querier" can cause.
All IGMP routers listen to membership reports and time groups out
independently.

As long as someone sends queries (which will fall back to any other
router if the rogue querier doesn't follow the protocol), the routers
will have the right membership.

What is the threat or attack you're concerned about?

FYI, Here is the security considerations text from RFC 2236:

A forged Query message from a machine with a lower IP address than
the current Querier will cause Querier duties to be assigned to
the forger. If the forger then sends no more Query messages, other
routers' Other Querier Present timer will time out and one will
resume the role of Querier. During this time, if the forger ignores
Leave Messages, traffic might flow to groups with no members for
up to [Group Membership Interval].

A forged Query message sent to a group with members will cause the
hosts which are members of the group to report their memberships.
This causes a small amount of extra traffic on the LAN, but causes
no protocol problems.

Thanks,
Tom


In message 
<>
 you write:
>To avoid the potential problem of a rogue default IGMP querier on a
>subnet, would it be useful to have hosts learn their default IGMP
>querier (usually the upstream router) statically or via an option from a
>DHCP server?
>
>If I recall, the router with the lowest IP on a subnet supporting IGMP
>will by default act as the IGMP querier for the subnet.  This means that
>anyone host with a lower IP address, or even an aggressive rogue, could
>cause problems.
>
>I'd be interested to hear if anyone has run into any problems that
>something along these lines may fix.
>
>John
>