Confirming source-routed multicast is dead on the public Internet

John Kristoff jtk at
Wed Aug 1 15:58:09 UTC 2018

On Wed, 1 Aug 2018 15:45:44 +0000
Adam Davenport <adam at> wrote:

> I can confirm that GTT does indeed filter IP sourced from at its edge.

Do you mean sent to 224/4 or literally anything with a source address
of 224/4?

For those that are or are considering filtering, you might also want to
consider limiting IGMP at router interfaces.  The only known use of
IGMP past the local link I'm aware of was for mtrace tool, but allowing
it can pose some danger in two forms.  One is yet another DDoS
reflection and amplification vector, another is a some router system
and configuration disclosure.  See the following for details:


In experiments I ran in early parts of that work I found that Cogent
did not forward IGMP messages through its network in my tests, but this
may be due to the routing hardware/software they were using at the time
rather than an explicit filtering policy.


More information about the NANOG mailing list