[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipng
Subject:    Re: Denial of Service attacks and ICMPv6 Packet Too Big
From:       Erik Nordmark <Erik.Nordmark () eng ! sun ! com>
Date:       2001-01-12 6:41:56
[Download RAW message or body]


Catching up on email ...

> A multicast group X contains the receivers R1, R2, ... RN.
> The victim node is V - not necessarily anything to do with
> X. The attacker is A. All nodes are different. Now, attacker A
> sends a multicast packet with source = V and destination = X.
> As the receivers R1 to RN or routers close to them receive the
> messages, they complain about the message and ALL respond using
> ICMPv6 Packet Too Big or Parameter Problem, causing V to be
> flooded with messages.

IP multicast routing is in many cases based on reverse path forwarding.
This implies that the forwarding is determined by the source address of
the packet. If a packet is received by a router on an interface and
that interface is not an incoming interface in the reverse path tree
for the IP source address in the packet, the packet will be dropped.

This means that, when RPF based multicast routing is used,
a multicast packet with an invalid source must in inject topologically
close to the real location of that source address i.e. A must be
topologically close to V, to see signficant forwarding of the
multicast packet.
Of course, with non-RPF based schemes we are not so lucky.

   Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
--------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]