DOCSIS 3.0 and Multicast

Phil Karn karn at philkarn.net
Fri Nov 29 20:35:28 UTC 2013


On 11/29/2013 11:38 AM, Scott Helms wrote:
> Phil,
> 
> Arbitrarily turning uni-cast traffic into multi-cast won't do much in
> that regard.  If the end points that didn't originally ask for the data
> NAK the incoming stream then they'll get kicked out of the IGMP group,
> further the requesting end point will be confused by the fact that the
> traffic is coming in as multi-cast.  You could put up some fake hosts
> that will take any multi-cast data, but they'd be pretty easy to spot
> over time and making all of your home gateways accept multi-cast traffic
> they didn't ask for would be a bad thing (think trivial DDoS of your
> system).

Oh, sorry, I meant to explain that this would be part of a new system
with user software explicitly written to join a multicast group,
passively listen to all incoming traffic, decrypt whatever's addressed
to it and ignore the rest.

If the destination addresses are hashed or encrypted so that only the
recipient can recognize them, then passive eavesdropping would not
reveal to whom they were being sent and the system would be no less
efficient than an existing cable modem network with the same set of users.

I've been trying to think of ways to thwart large scale traffic
analysis, and in a unicast network it's really not easy without a lot of
extra traffic (think TOR).
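
Added example, not part of the original post: one way the recipient-hidden addressing described above could work, with every listener in the multicast group testing each frame against its own key. The frame layout, the function names and the use of a per-subscriber shared secret with a truncated HMAC are assumptions made for illustration; payloads are treated as already-encrypted opaque bytes.

```python
import hashlib
import hmac
import os

TAG_LEN = 16    # bytes of truncated HMAC used as the blinded address (assumed)
NONCE_LEN = 16  # fresh random value per frame, sent in the clear (assumed)


def blind_address(recipient_key: bytes, nonce: bytes) -> bytes:
    """Per-frame address tag: HMAC-SHA256(recipient_key, nonce), truncated."""
    return hmac.new(recipient_key, nonce, hashlib.sha256).digest()[:TAG_LEN]


def make_frame(recipient_key: bytes, ciphertext: bytes) -> bytes:
    """Sender side: nonce || tag || payload. The payload is already encrypted."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + blind_address(recipient_key, nonce) + ciphertext


def receive(my_key: bytes, frame: bytes):
    """Listener side: return the payload if the frame is ours, else None."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce = frame[:NONCE_LEN]
    tag = frame[NONCE_LEN:NONCE_LEN + TAG_LEN]
    # Constant-time compare so the check itself does not leak key material.
    if hmac.compare_digest(tag, blind_address(my_key, nonce)):
        return frame[NONCE_LEN + TAG_LEN:]
    return None


def demo():
    # Constructed sample: two subscribers listening on one multicast group.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    group_traffic = [
        make_frame(alice_key, b"ct-for-alice-1"),
        make_frame(bob_key, b"ct-for-bob-1"),
        make_frame(alice_key, b"ct-for-alice-2"),
    ]
    alice_got = [p for f in group_traffic if (p := receive(alice_key, f)) is not None]
    bob_got = [p for f in group_traffic if (p := receive(bob_key, f)) is not None]
    # What a passive observer sees in the address field of each frame.
    observed_tags = [f[NONCE_LEN:NONCE_LEN + TAG_LEN] for f in group_traffic]
    return alice_got, bob_got, observed_tags


if __name__ == "__main__":
    print(demo())
```

Because the nonce changes per frame, two frames to the same subscriber carry unrelated tags, so the address field alone does not link them; each listener pays one HMAC per frame on the group to find its own traffic.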





More information about the NANOG mailing list