Re: IGMP denial of service vulnerability

From: Marty Schoch (mschochat_private)
Date: Fri Jun 14 2002 - 11:45:33 PDT


    > 
    > Solution
    > ---------
    > All IGMP packets that are not multicast ethernet addresses should be 
    > dropped.
    
    Depending on the implementation of router R in the linked document, couldn't
    there still be a problem in the following scenario?
    
    Host H1 is a member of two groups 230.0.0.1 and 230.0.0.2
    Host H2 sends a membership report for group 230.0.0.1 to group
    230.0.0.2.
    
    Host H1 will obviously see this report as well.
    Looking briefly at the code it appears host H1 may still consider this
    an acceptable report from another host.  If, and I haven't tested any
    router configurations, router R does not consider this a valid report
    for the group 230.0.0.1 then the same DOS effect may occur.
    
    The RFC says that membership reports should be sent to the group for
    which the report applies.  Why not tighten the code down all the way, to
    check not just that the report is multicast, but that all the addresses
    match?
    
    Marty Schoch
    <mschochat_private>
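
The check proposed in the reply, written out as an added example (not code from the message, the advisory, or any IGMP implementation it discusses). It accepts an IGMPv1/v2 membership report only if the Ethernet destination is multicast, the IP destination equals the reported group, and the MAC is the 01:00:5e mapping of that group. The function names, verdict names and test frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { ACCEPT, NOT_A_REPORT, DROP_MALFORMED, DROP_NOT_MULTICAST,
               DROP_GROUP_MISMATCH, DROP_MAC_MISMATCH };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Validate an IGMPv1/v2 report in an Ethernet II frame; checksums are not verified here. */
enum verdict check_igmp_report(const uint8_t *f, size_t len) {
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return DROP_MALFORMED;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* IP options change the offset */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 2 || len < 14 + ihl + 8)
        return DROP_MALFORMED;
    const uint8_t *igmp = ip + ihl;
    if (igmp[0] != 0x12 && igmp[0] != 0x16) return NOT_A_REPORT;
    uint32_t ip_dst = be32(ip + 16), group = be32(igmp + 4);
    /* Check proposed in the quoted advisory: link-layer destination is multicast. */
    if (!(f[0] & 0x01)) return DROP_NOT_MULTICAST;
    /* Tighter check from the reply: IP destination equals the reported group. */
    if ((group >> 28) != 0xE || ip_dst != group) return DROP_GROUP_MISMATCH;
    /* "All the addresses match": MAC is 01:00:5e plus the low 23 group bits. */
    const uint8_t mac[6] = { 0x01, 0x00, 0x5e, (uint8_t)((group >> 16) & 0x7f),
                             (uint8_t)(group >> 8), (uint8_t)group };
    return memcmp(f, mac, 6) == 0 ? ACCEPT : DROP_MAC_MISMATCH;
}

/* Build a constructed (not captured) v2 report frame for exercising the check. */
size_t build_report(uint8_t *f, const uint8_t mac[6], uint32_t ip_dst, uint32_t group) {
    memset(f, 0, 42);
    memcpy(f, mac, 6);
    f[12] = 0x08; f[14] = 0x45; f[23] = 2;          /* IPv4, IHL 5, proto IGMP */
    for (int i = 0; i < 4; i++) {
        f[30 + i] = (uint8_t)(ip_dst >> (24 - 8 * i));  /* IP destination */
        f[38 + i] = (uint8_t)(group >> (24 - 8 * i));   /* IGMP group field */
    }
    f[34] = 0x16;                                   /* v2 membership report */
    return 42;
}

int main(void) {   /* the reply's scenario: report for 230.0.0.1 sent to 230.0.0.2 */
    uint8_t f[42];
    const uint8_t m2[6] = { 0x01, 0x00, 0x5e, 0x00, 0x00, 0x02 };
    return check_igmp_report(f, build_report(f, m2, 0xE6000002u, 0xE6000001u)) != DROP_GROUP_MISMATCH;
}
```

The frame from the reply's scenario passes the multicast-only test and is rejected only by the group comparison.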
    


