Presentation is loading. Please wait.

Presentation is loading. Please wait.

An IP Multicast DOS attack

Similar presentations


Presentation on theme: "An IP Multicast DOS attack"— Presentation transcript:

1 An IP Multicast DOS attack jan.novak@dante.org.uk

2 mcast router 1PIM-SM domain-RP mcast router 3 mcast router 2 receivers The beginning :

3 mcast router 1 PIM-SM domain-RP mcast router 3 mcast router 2 Then: Receivers leave the group Cisco keeps the states with Oif=Null

4 mcast router 1 PIM-SM domain-RP mcast router 3 mcast router 2 Then: “Nasty” attack comes - some “left over” from old DVMRP tunnels …. WS-mrouted one way configuration from a WS to a router No tunnel on the router

5 mcast router 1 PIM-SM domain-RP mcast router 3 mcast router 2 Then: Cisco sees DVMRP probes, sets C flag for interoperability and ….. starts to send (*,G) joins because of locally connected receivers WS-mrouted one way configuration from WS to the router No tunnel on the router

6 How to detect: “debug ip dvmrp detail” How to prevent: “deny igmp from the host IP address” The result: Traffic on the outgoing interface of RP towards a downstream router A DVMRP tunnel configured on a WS about 2500 km from the router


Download ppt "An IP Multicast DOS attack"

Similar presentations


Ads by Google