
wg-multicast - Re: SDP spike

Subject: All things related to multicast

  • From: Marshall Eubanks
  • To: John Kristoff
  • Subject: Re: SDP spike
  • Date: Fri, 22 Feb 2008 15:44:59 -0500

I would take a look at Lenny Giuliano's paper on Multicast security:

http://www.juniper.net/solutions/literature/app_note/350051.pdf

I don't know if Lenny is on this list, but it could be arranged.

Regards
Marshall

On Feb 22, 2008, at 1:15 PM, John Kristoff wrote:

> On Fri, 22 Feb 2008 11:58:20 -0600
> "Dale W. Carder" wrote:
>
>> I would recommend taking a look at John Kristoff's guide on
>> multicast deployment:
>
> I hope people heed the warnings on the page if it's not already
> glaringly obvious that it's out of date and likely to cause support
> problems if router configs are not carefully maintained, but thanks
> for the plug.
>
>> Perhaps this working group could work on updating this document
>> now that John is primarily out working in private industry.
>
> I'm still around in academia and can wear that hat legitimately for
> part of the time, but I don't have to worry about or support the
> periodic mcast problems like these anymore. I brought up the issue
> of releasing some stress tools with a colleague. Essentially some
> hacky Perl code that tries to do various sorts of things that could
> cause harm if the global mcast net is not completely hardened. So
> things like:
>
> - ICMP ping floods to the sap group (routers usually respond)
> - IGMP join floods to sequential/random mcast netblock addresses
> - UDP/TCP packet flooders to selects or select/random mcast netblocks
> - Random IP protocol floods to selects/random mcast netblocks
>
> I was also thinking of doing something with PIM and MSDP. MSDP
> is kind of like BGP so probably no point there, but with PIM I
> thought I could try to pretend being a PIM router and see what
> sort of havoc routers would be vulnerable to. The whole end
> host-based source and receiver state attacks are most worrisome
> to me in the long run, because I think most nets are ill prepared
> to deal with those. I guess on the positive side, deployment is
> not ubiquitous.
>
> If someone wants to work on a more formal paper or presentation
> documenting attack scenarios and taking some measurements that
> might be useful for some limited audience. I think there is lots
> of good info about how to harden multicast nets, it's just not
> that easy to actually do it. Some real-world measurements might
> help highlight those problems and get some implementations and
> configurations updated?
>
> John



