Security Incidents mailing list archives
Re: IGMP DOS Attack
From: John Kristoff <jtk () depaul edu>
Date: Thu, 11 Apr 2002 15:45:08 -0500
On Thu, 11 Apr 2002 15:53:03 -0400 Valdis.Kletnieks () vt edu wrote:
Anybody *else* remember a certain worm randomly picking IP addresses to attack, and causing IGMP meltdowns when it happened to pick a 224.x.x.x address, as all the multicast-aware hosts would start asking about the group? I remember a 2AM firestorm that took several of our routers and part of Abeliene with it...
It was the Ramen worm and it scanned random address space, including that within 224.0.0.0/4. It wasn't IGMP, but rather problems with excessive session announcement state between MSDP peers. Marshall Eubanks gave a good presentation at a recent NANOG about IP multicast issues including the impact of Ramen on the IP multicast enabled Internet. John ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- IGMP DOS Attack D . Stout (Apr 11)
- Re: IGMP DOS Attack Kurt Seifried (Apr 11)
- Re: IGMP DOS Attack Dave Dittrich (Apr 12)
- <Possible follow-ups>
- Re: IGMP DOS Attack Justin Shore (Apr 11)
- RE: IGMP DOS Attack Headley, Kevin (Apr 11)
- Re: IGMP DOS Attack Valdis . Kletnieks (Apr 11)
- Re: IGMP DOS Attack John Kristoff (Apr 11)
- Re: IGMP DOS Attack Christopher L. Morrow (Apr 12)
- Re: IGMP DOS Attack Valdis . Kletnieks (Apr 11)
- RE: IGMP DOS Attack Cushing, David (Apr 11)