Confirming source-routed multicast is dead on the public Internet

John Kristoff jtk at depaul.edu
Wed Aug 1 15:58:09 UTC 2018


On Wed, 1 Aug 2018 15:45:44 +0000
Adam Davenport <adam at davenpro.com> wrote:

> I can confirm that GTT does indeed filter IP sourced from 224.0.0.0/4 at its edge.

Do you mean sent to 224/4 or literally anything with a source address
of 224/4?

For those that are or are considering filtering, you might also want to
consider limiting IGMP at router interfaces.  The only known use of
IGMP past the local link I'm aware of was for the mtrace tool, but allowing
it can pose some danger in two forms.  One is yet another DDoS
reflection and amplification vector, another is some router system
and configuration disclosure.  See the following for details:

  <https://ccronline.sigcomm.org/wp-content/uploads/2017/01/p27-sargent.pdf>

In experiments I ran in early parts of that work I found that Cogent
did not forward IGMP messages through its network in my tests, but this
may be due to the routing hardware/software they were using at the time
rather than an explicit filtering policy.

John
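Added example, not part of the thread above: a small Python model of the two edge checks the post recommends, dropping packets whose source address falls in 224.0.0.0/4 and dropping IGMP (IP protocol 2) that arrives on an external-facing interface. The packet builder, the interface role flag, and the sample addresses (192.0.2.0/24, 198.51.100.0/24 documentation space) are all constructed for the example; the header checksum is verified so that a corrupted header is rejected rather than classified.

```python
"""Edge-filter model for the two checks discussed on the list:
   1. drop anything whose IPv4 *source* is in 224.0.0.0/4
   2. drop IGMP (protocol 2) seen on an external-facing interface
All packets below are constructed inline; nothing is read from a wire."""
import ipaddress
import struct

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
IGMP = 2          # IANA protocol number for IGMP
IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header layout


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 when run over a valid header."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int = 64,
               payload: bytes = b"") -> bytes:
    """Constructed packet builder (assumption: no IP options)."""
    total_len = 20 + len(payload)
    fields = [0x45, 0, total_len, 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    hdr = struct.pack(IPV4_HDR, *fields)
    fields[7] = ipv4_checksum(hdr)          # fill in the real checksum
    return struct.pack(IPV4_HDR, *fields) + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed IPv4 header; reject short, non-v4 or corrupted headers."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    vihl, _tos, _tlen, _id, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src),
            "dst": ipaddress.IPv4Address(dst)}


def edge_verdict(pkt: bytes, external_iface: bool) -> str:
    """Return the filter decision for one packet on one interface.
    external_iface is a constructed flag: True for a peering/transit port."""
    hdr = parse_ipv4(pkt)
    if hdr["src"] in MULTICAST:
        # A multicast group address is never a legitimate source.
        return "drop: multicast source address"
    if hdr["proto"] == IGMP and external_iface:
        # IGMP is link-local signalling; past the edge it is only a
        # reflection vector and an information leak.
        return "drop: IGMP on external interface"
    return "accept"


def run_samples() -> list:
    """Classify a constructed batch of packets; returns the verdict list."""
    samples = [
        (build_ipv4("224.1.2.3", "198.51.100.1", 17), True),   # spoofed src
        (build_ipv4("192.0.2.10", "224.0.0.1", IGMP, ttl=1), True),
        (build_ipv4("192.0.2.10", "224.0.0.1", IGMP, ttl=1), False),
        (build_ipv4("192.0.2.10", "198.51.100.1", 6), True),   # ordinary TCP
    ]
    return [edge_verdict(p, ext) for p, ext in samples]


if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```

The third sample shows the distinction that matters: the same IGMP membership report is accepted on an internal (customer- or LAN-facing) port and dropped on the external one, so hosts on the local link keep working while nothing IGMP crosses the edge.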

