nanog mailing list archives

Re: Martian list of IP's to block???

From: Jared Mauch <jared () puck Nether net>
Date: Fri, 1 Oct 1999 12:27:39 -0400


On Fri, Oct 01, 1999 at 08:49:23AM -0700, bmanning () vacation karoshi com wrote:

    deny   ip 224.0.0.0 31.255.255.255 any log


      I'm not convinced that blocking native multicast is a good idea.


        This is blocking packets sourced with a multicast ip, not
destined for multicast.

        ex: when i source multicast traffic the src ip is the ip of
the machine sending the traffic, and the dst is the ip of the multicast
group.

        so traffic would go from (for example) puck.nether.net (204.42.254.5)
to the multicast group for Places all over the World (224.2.172.238).

        This acl would prevent someone from sending a ping to your 
router, and faking the src ip to be something like all-routers.mcast.net,
and having you start ping flooding all the multicast routers,
or multicast hosts out on the internet.  (Think semi smurf-attack like).

        - jared
        
-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |

Current thread:

Martian list of IP's to block??? John M. Brown (Oct 01)
- <Possible follow-ups>
- Re: Martian list of IP's to block??? rfuller (Oct 01)
  - Re: Martian list of IP's to block??? bmanning (Oct 01)
    - Re: Martian list of IP's to block??? Jared Mauch (Oct 01)
    - Re: Martian list of IP's to block??? Andy McConnell (Oct 01)
  - RE: Martian list of IP's to block??? Rubens Kuhl Jr. (Oct 01)
    - Re: Martian list of IP's to block??? Jared Mauch (Oct 01)
    - RE: Martian list of IP's to block??? Rubens Kuhl Jr. (Oct 01)
  - Re: Martian list of IP's to block??? Joe Abley (Oct 02)
    - Re: Martian list of IP's to block??? sthaug (Oct 02)
    - Re: Martian list of IP's to block??? Frank Hellemink (Oct 02)