wg-multicast - Re: Fwd: Multicast from Orinoco wireless stations
Subject: All things related to multicast
- From: Steve Shultz <>
- To: "Marshall Eubanks" <>, "wg-multicast" <>
- Cc: Andrew Daviel <>
- Subject: Re: Fwd: Multicast from Orinoco wireless stations
- Date: Tue, 23 Dec 2003 12:33:54 -0800
NREN has been filtering this at its border routers for some time. Below is our recommended filter list:
! domain-local applications
access-list 101 deny ip any host 224.0.1.2 ! SGI-Dogfight
access-list 101 deny ip any host 224.0.1.3 ! Rwhod
access-list 101 deny ip any host 224.0.1.8 ! SUN NIS+
access-list 101 deny ip any host 224.0.1.22 ! SVRLOC
access-list 101 deny ip any host 224.0.1.24 ! Microsoft-DS
access-list 101 deny ip any host 224.0.1.35 ! SVRLOC-DA
! auto-rp groups
access-list 101 deny ip any host 224.0.1.39 ! CISCO-RP-ANNOUNCE
access-list 101 deny ip any host 224.0.1.40 ! CISCO-RP-DISCOVERY
!
access-list 101 deny ip any host 224.0.1.60 ! hp-device-disc
access-list 101 deny ip any host 224.0.1.76 ! IAPP
access-list 101 deny ip any host 224.0.2.2 ! SUN-RPC
access-list 101 deny ip any host 224.1.0.1 ! ST Multicast Groups
access-list 101 deny ip any 224.77.0.0 0.0.255.255 ! Norton Ghost
access-list 101 deny ip any host 225.1.2.3 ! Altiris
access-list 101 deny ip any 226.77.0.0 0.0.255.255 ! Norton Ghost
access-list 101 deny ip any host 229.55.150.208 ! Norton Ghost
access-list 101 deny ip any host 234.42.42.42 ! ImageCast
access-list 101 deny ip any host 234.142.142.142 ! ImageCast
! scoped groups
access-list 101 deny ip any 239.0.0.0 0.255.255.255
! loopback, private addresses (RFC 1918)
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
! Default SSM-range. Do not do MSDP in this range
access-list 101 deny ip any 232.0.0.0 0.255.255.255
access-list 101 permit ip any any
At 03:13 PM 12/20/2003, Marshall Eubanks wrote:
Well, this works (see below), in that packets are received.
Is this a real problem? Should it just be added to Bill Nickless's list, or
is there more to do?
Marshall
There were 136 separate IP Addressess found
Total duration of 2892 RTP records = 0 days 0 hours 48 minutes 44.2773 seconds
--- the forwarded message follows ---
List-Id: <bugtraq.list-id.securityfocus.com>
Date: Sat, 20 Dec 2003 09:59:53 -0800 (PST)
From: Andrew Daviel <>
Subject: Multicast from Orinoco wireless stations
It seems that some Orinoco 802.11 base stations
send multicast packets on 224.0.1.76/2313 (IAPP.MCAST.NET).
By sending a multicast join (opening a socket with netcat or other tool)
to this group, one can discover other base stations on multicast-enabled
portions of the Internet, such as the academic networks CA*net, ESnet etc.
There is administrative access to these units via telnet and http.
The group should probably be filtered at an administrative boundary as a
matter of principle.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
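
An added example, not part of the original messages: a small Python check for a boundary filter list written in the style quoted above. It parses the entries, flags any wildcard mask that is not a contiguous run of bits, and evaluates first-match for a given source and group. SAMPLE_ACL is constructed for illustration (including one deliberately mistyped wildcard), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a few entries in the style of the list above, plus one
# deliberately mistyped wildcard (0.0.225.255) to show what the lint catches.
SAMPLE_ACL = """\
access-list 101 deny ip any host 224.0.1.76 ! IAPP
access-list 101 deny ip any 224.77.0.0 0.0.225.255 ! mistyped wildcard
access-list 101 deny ip any 239.0.0.0 0.255.255.255
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))

def parse_acl(text):
    """Return [(action, src, dst, raw_line)], each spec as (address, wildcard)."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("!", 1)[0].split()   # drop the inline comment
        if tokens[:1] != ["access-list"]:
            continue
        action, rest = tokens[2], tokens[4:]    # skip ACL number and 'ip'
        rules.append((action, _take(rest), _take(rest), raw.strip()))
    return rules

def contiguous(wildcard):
    """A sane wildcard is a run of 0 bits followed by a run of 1 bits."""
    return wildcard & (wildcard + 1) == 0

def lint(rules):
    return [raw for _, src, dst, raw in rules
            if not (contiguous(src[1]) and contiguous(dst[1]))]

def decide(rules, src, dst):
    """First-match evaluation, with the implicit deny at the end of an ACL."""
    for action, s, d, _ in rules:
        if all((_ip(a) | w) == (base | w) for a, (base, w) in ((src, s), (dst, d))):
            return action
    return "deny"
```

With the mistyped mask, decide() permits 224.77.2.5 even though the entry is meant to cover all of 224.77.0.0/16, which is the kind of gap lint() reports before the list is deployed.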