An IP Multicast DOS attack
jan.novak@dante.org.uk

The beginning:
[Diagram: mcast router 1, PIM-SM domain RP, mcast router 3, mcast router 2, receivers]

Then:
Receivers leave the group
Cisco keeps the states with Oif=Null
[Diagram: mcast router 1, PIM-SM domain RP, mcast router 3, mcast router 2]

Then:
“Nasty” attack comes - some “left over” from old DVMRP tunnels ….
[Diagram: mcast router 1, PIM-SM domain RP, mcast router 3, mcast router 2; WS-mrouted, one way configuration from a WS to a router; no tunnel on the router]

Then:
Cisco sees DVMRP probes, sets C flag for interoperability and ….. starts to send (*,G) joins because of locally connected receivers
[Diagram: mcast router 1, PIM-SM domain RP, mcast router 3, mcast router 2; WS-mrouted, one way configuration from WS to the router; no tunnel on the router]

How to detect: “debug ip dvmrp detail”
How to prevent: “deny igmp from the host IP address”
The result:
Traffic on the outgoing interface of RP towards a downstream router
A DVMRP tunnel configured on a WS about 2500 km from the router
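
An offline counterpart to the detection step, added here as an example and not part of the original presentation: DVMRP messages travel as IGMP (IP protocol 2) with type 0x13, and code 1 is a neighbor Probe, so captured packets can be checked for probes from hosts the router has no tunnel to. The function names, the neighbor allow-list and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

IGMP_PROTO = 2      # IP protocol number for IGMP
DVMRP_TYPE = 0x13   # IGMP type that carries DVMRP messages
DVMRP_PROBE = 1     # DVMRP code for a neighbor Probe

def dvmrp_probe_source(packet: bytes):
    """Return the source address if packet is an IPv4 DVMRP Probe, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != IGMP_PROTO:
        return None
    if packet[ihl] != DVMRP_TYPE or packet[ihl + 1] != DVMRP_PROBE:
        return None
    return str(ipaddress.IPv4Address(packet[12:16]))

def unexpected_probes(packets, configured_neighbors):
    """Count probes per source that is not a configured DVMRP neighbor (hypothetical allow-list)."""
    hits = {}
    for pkt in packets:
        src = dvmrp_probe_source(pkt)
        if src and src not in configured_neighbors:
            hits[src] = hits.get(src, 0) + 1
    return hits

def build_ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet for the sample (checksums left at 0, not validated)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed sample traffic: documentation addresses, not taken from the presentation.
PROBE = struct.pack("!BBHHBBI", DVMRP_TYPE, DVMRP_PROBE, 0, 0, 0xFF, 3, 0x12345678)
REPORT = struct.pack("!BBH4s", 0x16, 0, 0, ipaddress.IPv4Address("239.1.1.1").packed)
SAMPLE = [
    build_ipv4("192.0.2.50", "192.0.2.1", IGMP_PROTO, PROBE),    # host with no tunnel on the router
    build_ipv4("192.0.2.50", "192.0.2.1", IGMP_PROTO, PROBE),
    build_ipv4("198.51.100.7", "192.0.2.1", IGMP_PROTO, PROBE),  # configured neighbor
    build_ipv4("192.0.2.60", "239.1.1.1", IGMP_PROTO, REPORT),   # ordinary IGMPv2 report
]

if __name__ == "__main__":
    print(unexpected_probes(SAMPLE, {"198.51.100.7"}))
```

A source reported here is a candidate for the “deny igmp” filter above, since the probes themselves are IGMP packets.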