Firewall Wizards mailing list archives

Re: firewall and multicast

From: Darren Reed <darrenr () cyber com au>
Date: Fri, 6 Mar 1998 17:23:52 +1100 (EST)

In some mail I received from George Wang, sie wrote

Hi,

What are the firewalls that support multicast? Is there any security
implications of that?


What do you mean here ?

- tunnel from mbone to internal network (basically IP in IP) or

- filter multicast IP addresses

There is no TCP support for multicast.

If you can sneak a packet into a network using a multicast address as
the source address, then there are other problems with the setup.

For a packet to reach a destination with a multicast address as the
destination, you need either (a) operational LSRR (this killed quite
a few routers in the early days of mbone :) or (b) a tunnel that
you can use to get to that site or (c) there's multicast support
from routers all the way - not very common.

The only real impact multicast is going to have is on those that
attempt to only block the "bad things" and allow everything else
through.

Darren

Current thread:

firewall and multicast George Wang (Mar 05)
- Re: firewall and multicast Darren Reed (Mar 06)
- Re: firewall and multicast Adam Shostack (Mar 06)
- <Possible follow-ups>
- RE: firewall and multicast Safier, Adam (GEIS) (Mar 07)