All things related to multicast

[Eli Dart <>]

In reply to "Marshall Eubanks" 
<>
 :


> Well, this works (see below), in that packets are received.
> 
> Is this a real problem ? Should it just be added to Bill Nickless's list, or
> is there more to do ?

We've had 224.0.1.76 in our msdp filters for some time 
now....realistically, for what reason should anyone outside an 
administrative domain be able to enumerate wireless access points 
over the wired network?

                --eli


> 
> Marshall
> 
>  There were  136  separate IP Addressess found
>  
> Total duration of  2892  RTP records  =  0 days  0  hours  48  minutes  
> 44.27
 73  seconds 
>  
>  IP Address = 67.130.52.7     | Num RTP =      8 at   0.003 pps | Average 
> Len
 gth =    69 bytes
>  IP Address = 128.174.112.246 | Num RTP =     15 at   0.005 pps | Average 
> Len
 gth =    87 bytes
>  IP Address = 128.174.112.247 | Num RTP =     16 at   0.006 pps | Average 
> Len
 gth =    87 bytes
>  IP Address = 128.2.159.10    | Num RTP =     24 at   0.008 pps | Average 
> Len
 gth =    66 bytes
>  IP Address = 128.2.159.7     | Num RTP =     25 at   0.009 pps | Average 
> Len
 gth =    66 bytes
>  IP Address = 128.2.159.9     | Num RTP =     24 at   0.008 pps | Average 
> Len
 gth =    90 bytes
>  IP Address = 128.253.245.40  | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    70 bytes
>  IP Address = 128.59.25.217   | Num RTP =     21 at   0.007 pps | Average 
> Len
 gth =    84 bytes
>  IP Address = 129.217.208.77  | Num RTP =      9 at   0.003 pps | Average 
> Len
 gth =    48 bytes
>  IP Address = 131.188.173.144 | Num RTP =      9 at   0.004 pps | Average 
> Len
 gth =    87 bytes
>  IP Address = 131.188.181.240 | Num RTP =      7 at   0.003 pps | Average 
> Len
 gth =    78 bytes
>  IP Address = 131.188.181.241 | Num RTP =      7 at   0.003 pps | Average 
> Len
 gth =    78 bytes
>  IP Address = 131.247.3.160   | Num RTP =     25 at   0.009 pps | Average 
> Len
 gth =    75 bytes
>  IP Address = 131.247.3.164   | Num RTP =     24 at   0.008 pps | Average 
> Len
 gth =    75 bytes
>  IP Address = 134.129.88.150  | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    96 bytes
>  IP Address = 139.165.104.201 | Num RTP =      7 at   0.003 pps | Average 
> Len
 gth =    55 bytes
>  IP Address = 139.165.115.6   | Num RTP =      5 at   0.004 pps | Average 
> Len
 gth =    57 bytes
>  IP Address = 139.165.115.9   | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    57 bytes
>  IP Address = 141.39.29.164   | Num RTP =     16 at   0.006 pps | Average 
> Len
 gth =    86 bytes
>  IP Address = 142.90.124.10   | Num RTP =     12 at   0.009 pps | Average 
> Len
 gth =    90 bytes
>  IP Address = 142.90.124.11   | Num RTP =     13 at   0.009 pps | Average 
> Len
 gth =    90 bytes
>  IP Address = 142.90.124.12   | Num RTP =     12 at   0.009 pps | Average 
> Len
 gth =    90 bytes
>  IP Address = 142.90.124.13   | Num RTP =     13 at   0.009 pps | Average 
> Len
 gth =    90 bytes
>  IP Address = 155.101.16.97   | Num RTP =     48 at   0.017 pps | Average 
> Len
 gth =    89 bytes
>  IP Address = 155.98.72.21    | Num RTP =     23 at   0.008 pps | Average 
> Len
 gth =    76 bytes
>  IP Address = 158.39.27.252   | Num RTP =      1 at   0.000 pps | Average 
> Len
 gth =    68 bytes
>  IP Address = 160.39.193.46   | Num RTP =     22 at   0.008 pps | Average 
> Len
 gth =    78 bytes
>  IP Address = 160.39.244.9    | Num RTP =     21 at   0.007 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.245.5    | Num RTP =     22 at   0.008 pps | Average 
> Len
 gth =    78 bytes
>  IP Address = 160.39.245.6    | Num RTP =     22 at   0.009 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.245.7    | Num RTP =     20 at   0.007 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.245.8    | Num RTP =     22 at   0.008 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.245.9    | Num RTP =     22 at   0.008 pps | Average 
> Len
 gth =    46 bytes
> <lots more from Columbia removed>
>  IP Address = 160.39.247.9    | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.247.     | Num RTP =      1 at   0.000 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 160.39.39.39    | Num RTP =     25 at   0.009 pps | Average 
> Len
 gth =   107 bytes
>  IP Address = 169.229.202.139 | Num RTP =      1 at   0.000 pps | Average 
> Len
 gth =    81 bytes
>  IP Address = 171.65.63.239   | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    75 bytes
>  IP Address = 193.156.3.149   | Num RTP =      5 at   0.003 pps | Average 
> Len
 gth =    46 bytes
>  IP Address = 210.107.135.242 | Num RTP =     24 at   0.009 pps | Average 
> Len
 gth =    46 bytes
> [tme@hendrix
>  awk]$ 
> 
> 
> --- the forwarded message follows ---
> 
> --_===2078881====multicasttech.com===_
> Content-Type: message/rfc822
> 
> Return-Path: 
> <>
> Received: from outgoing2.securityfocus.com ([205.206.231.26] verified)
>   by multicasttech.com (CommuniGate Pro SMTP 3.4.8)
>   with ESMTP id 2078832 for 
> ;
>  Sat, 20 Dec 2003 15:39:22 
 -0500
> Received: from lists2.securityfocus.com (lists2.securityfocus.com 
> [205.206.23
 1.20])
>       by outgoing2.securityfocus.com (Postfix) with QMQP
>       id 64FA18FAA0; Sat, 20 Dec 2003 07:06:56 -0700 (MST)
> Mailing-List: contact 
> ;
>  run by ezmlm
> Precedence: bulk
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: 
> <mailto:>
> List-Help: 
> <mailto:>
> List-Unsubscribe: 
> <mailto:>
> List-Subscribe: 
> <mailto:>
> Delivered-To: mailing list 
> 
> Delivered-To: moderator for 
> 
> Received: (qmail 5140 invoked from network); 20 Dec 2003 17:53:43 -0000
> Date: Sat, 20 Dec 2003 09:59:53 -0800 (PST)
> From: Andrew Daviel 
> <>
> X-X-Sender: 
> 
> To: 
> 
> Subject: Multicast from Orinoco wireless stations
> Message-ID: 
> <>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> 
> It seems that some Orinoco 802.11 base stations
> send multicast packets on 224.0.1.76/2313 (IAPP.MCAST.NET).
> 
> By sending a multicast join (opening a socket with netcat or other tool)
> to this group, one can discover other base stations on  multicast-enabled
> portions of the Internet, such as the academic networks CA*net, ESnet etc.
> 
> There is administrative access to these units via telnet and http.
> 
> The group should probably be filtered at an administrative boundary as a
> matter of principle.
> 
> 
> -- 
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376
> 
> 
> --_===2078881====multicasttech.com===_--
>

Attachment: pgp9_owqfocGE.pgp
Description: PGP signature