wg-multicast - The 'killer app' for multicast deployment?
Subject: All things related to multicast
List archive
- From: Bill Owens <>
- To:
- Subject: The 'killer app' for multicast deployment?
- Date: Wed, 23 Jul 2003 16:52:19 -0400
As you all know there is a very serious problem with IOS that has led to mass upgrades all across the network in the last week. But someone just posted a note to the NANOG list pointing out that a new aspect of the bug was apparently discovered in the last couple of days. There are four protocol types that trigger the bug, 53, 55, 77 and our favorite, 103 (PIM). Previously it was thought that the packets had to reach the router with a TTL of 0 or 1 to affect it, but apparently PIM is a special case. Cisco's update has this to say:
"Cisco routers are configured to process and accept Internet Protocol version 4 (IPv4) packets by default. IPv4 packets handled by the processor on a Cisco IOS device with protocol types of 53 (SWIPE), 55 (IP Mobility, or 77 (Sun ND), all with Time-to-Live (TTL) values of 1 or 0, and 103 (Protocol Independent Multicast - PIM) with any TTL value, may force the device to incorrectly flag the input queue on an interface as full."
So a PIM-based attack is easier to mount. But there's an easy answer - enable PIM:
"Routers that have the PIM process running are not affected by traffic with protocol type 103. This process will be created when PIM is configured on any interface of the router. An interface with PIM enabled will have one of the following three commands in the interface configuration: ip pim dense-mode, ip pim sparse-mode, or ip pim sparse-dense-mode. "
Sounds like a great reason to enable native multicast ;)
Bill.
- The 'killer app' for multicast deployment?, Bill Owens, 07/23/2003
- Re: The 'killer app' for multicast deployment?, Guy T Almes, 07/23/2003
- Re: The 'killer app' for multicast deployment?, Michael H. Lambert, 07/23/2003
Archive powered by MHonArc 2.6.16.