From: johngibson1541@yahoo.com
Date: Tue May 22 2007 - 15:59:51 ART
The answer seems apparently that the extra protection prevents
a DoS attack using an unknown multicast address from one protected
port to another protected port. However, the attacker can
simply use PIM packets (a protected port still allows these
packets) to attack.
So, what kind of extra protection does "switchport block multicast"
do? Doesn't seem much.
So, maybe "switchport protected" doesn't protect
against attacks using 0100.5e**.****. If it doesn't, why
would univercd single out PIM packets when millions of
addresses can be used to launch an attack?
>Appreciate any response.
>
>If that config blocks 0100.5e**.**** (IPv4 multicast),
>then the hosts on that port can't receive IPv4 multicast directly
>from a multicast server on another protected port. Sounds OK.
However, if we need to explicitly configure blocking unknown
multicast to offer that level of protection, what does
"switchport protected" do? So, we can safely assume blocking unknown
multicast doesn't change any processing (from a plain protected port)
with 0100.5e**.****.
However, if blocking unknown multicast doesn't change any processing
(from a plain protected port) with 0100.5e**.****, it only adds
extra protection against multicast Ethernet addresses that our
hosts don't know about, so how could that extra protection be necessary?
The unknown addresses are discarded at the switch by default anyway,
right?
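For reference, here is the port configuration the thread is arguing about, written out as an added illustration (it is not from the original post or from Cisco documentation). It puts the two commands side by side on two access ports of a Catalyst-style IOS switch; the interface names, descriptions and VLAN number are assumptions.

```cisco
! Added example (not from the original post): "switchport protected"
! next to "switchport block multicast" on two ports of the same switch.
! Interface names, descriptions and VLAN 10 are assumed values.
interface FastEthernet0/1
 description host-A (assumed)
 switchport mode access
 switchport access vlan 10
 ! Protected port: the switch does not forward unicast, multicast or
 ! broadcast frames at Layer 2 between this port and any other
 ! protected port on the same switch. Traffic to unprotected ports
 ! (e.g. the uplink or a router port) is unaffected.
 switchport protected
 ! By default a switch floods frames whose destination MAC is unknown
 ! out of every port in the VLAN. These two commands stop that flooding
 ! towards this port for unknown unicast and unknown multicast MACs.
 switchport block unicast
 switchport block multicast
!
interface FastEthernet0/2
 description host-B (assumed)
 switchport mode access
 switchport access vlan 10
 switchport protected
 switchport block unicast
 switchport block multicast
!
```

To confirm what is actually in effect on a port, `show interfaces FastEthernet0/1 switchport` reports the three settings separately ("Protected: true", "Unknown unicast blocked: enabled", "Unknown multicast blocked: enabled"), which makes it easy to see that the protected-port isolation and the unknown-flood blocking are independent knobs rather than one implying the other.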
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART