IGMP and PIM protection

Scott Morris swm at emanon.com
Wed Dec 23 14:24:44 UTC 2009


So we're looking to complicate things for the same of complicating
them?  Using a predictable "security" doesn't exactly make things secure
does it?

On the links that you are running PIM or IGMP on, do you not have  a
predictable set of clients and therefore problems?  Or are we trying to
protect against something I'm not thinking of?  ;)

Scott


Glen Kent wrote:
>> Would encrypting multicast not fundamentally break the concept of multicast
>> itself, unless you're encrypting multicast traffic over a backbone?
>>
>>     
>
> No, i wasnt alluding to encrypting the multicast traffic. I was
> thinking of using ESP-NULL (AH is optional) for the IGMP/PIM packets.
>
> Affably,
> Kent
>
>
>   




More information about the NANOG mailing list