Martian list of IP's to block???

Jared Mauch jared at puck.Nether.net
Fri Oct 1 16:27:39 UTC 1999


On Fri, Oct 01, 1999 at 08:49:23AM -0700, bmanning at vacation.karoshi.com wrote:
> >     deny   ip 224.0.0.0 31.255.255.255 any log
>
> 	I'm not convinced that blocking native multicast is a good idea.

	This is blocking packets sourced with a multicast IP, not
destined for multicast.

	ex: when I source multicast traffic the src IP is the IP of
the machine sending the traffic, and the dst is the IP of the multicast
group.

	so traffic would go from (for example) puck.nether.net (204.42.254.5)
to the multicast group for Places all over the World (224.2.172.238).

	This ACL would prevent someone from sending a ping to your 
router, and faking the src IP to be something like all-routers.mcast.net,
and having you start ping flooding all the multicast routers,
or multicast hosts out on the internet.  (Think semi smurf-attack like).

	- jared
	
-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |
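As an added example (not code from the post, nor a Cisco implementation): a small Python evaluator for wildcard-mask ACL entries of the form quoted above. It shows that the entry matches on the source address only, so legitimate host-to-group multicast traffic passes while a packet claiming a multicast source is denied. The sample addresses are the ones from the post; the `parse_ace`/`evaluate` helpers and the trailing `permit ip any any` are assumptions for this example.

```python
import ipaddress

# Constructed example: a minimal evaluator for Cisco-style extended ACL
# entries of the form
#   <permit|deny> ip <src> <src-wildcard> <dst> <dst-wildcard> [log]
# A wildcard bit of 1 means "don't care"; "any" is shorthand for
# 0.0.0.0 255.255.255.255. The "host A.B.C.D" shorthand is not modelled.

def _parse_addr(tokens):
    """Pop one address spec ('any' or 'A.B.C.D W.X.Y.Z') off the token list."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wildcard

def _matches(addr, base, wildcard):
    """Wildcard-mask match: compare only the bits the wildcard leaves at 0."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def parse_ace(line):
    """Parse one access-list entry into its action, source/destination specs and log flag."""
    tokens = line.split()
    action = tokens.pop(0)          # "permit" or "deny"
    tokens.pop(0)                   # protocol; only "ip" is modelled here
    src = _parse_addr(tokens)
    dst = _parse_addr(tokens)
    log = bool(tokens) and tokens[0] == "log"
    return {"action": action, "src": src, "dst": dst, "log": log}

def evaluate(acl, src_ip, dst_ip):
    """Return the action of the first matching entry; an ACL ends with an implicit deny."""
    for ace in acl:
        if _matches(src_ip, *ace["src"]) and _matches(dst_ip, *ace["dst"]):
            return ace["action"]
    return "deny"

# The entry from the post, followed by an assumed permit-everything-else entry.
# Note that 224.0.0.0 with wildcard 31.255.255.255 cares only about the top
# three address bits, so it covers 224.0.0.0 through 255.255.255.255
# (multicast plus the reserved former class E block).
ACL = [parse_ace("deny ip 224.0.0.0 31.255.255.255 any log"),
       parse_ace("permit ip any any")]
```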