Re: Re: Question about protected port with unknown multicast

From: johngibson1541@yahoo.com
Date: Tue May 22 2007 - 16:22:24 ART


If I learned it correctly, PIM can still be used to launch an
attack, right?
If it cannot be used to launch an attack, PIM cannot run
properly from one protected port to another protected port,
if I have learned enough, right? Because we don't have "neighbor"
controls for PIM routing like those in NBMA OSPF.

>The answer seems apparently that the extra protection prevents
>a DoS attack using an unknown multicast address from one protected
>port to another protected port. However, the attacker can
>simply use PIM packets (a protected port still allows these
>packets) to attack.

So, what kind of extra protection does "switchport block multicast"
add? It doesn't seem like much.

So, maybe "switchport protected" doesn't protect
against attacks using 0100.5e**.****. If it doesn't, why
would univercd single out PIM packets when millions of
addresses can be used to launch an attack?

>Appreciate any response.
>
>If that config blocks 0100.5e**.**** (IPv4 multicast),
>then the hosts on that port can't receive IPv4 multicast directly
>from a multicast server on another protected port. Sounds OK.

However, if we need to explicitly configure blocking of unknown
multicast to get that level of protection, what does
"switchport protected" do? So, we can safely assume blocking unknown
multicast doesn't change any processing (compared with a plain protected port)
of 0100.5e**.****.

However, if blocking unknown multicast doesn't change any processing
(compared with a plain protected port) of 0100.5e**.****, it only adds
extra protection against multicast Ethernet addresses that our
hosts don't know about, so how could that extra protection be necessary?
The unknown addresses are discarded at the switch by default anyway,
right?
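To make the two features easier to compare, here is an added toy model (not from this thread, and not Cisco code) of a switch's forwarding decision with "switchport protected" and "switchport block multicast" configured. The rules it encodes are an assumption drawn from Cisco's published descriptions: traffic between two protected ports is dropped, "switchport block multicast" only stops flooded (unknown) multicast from leaving a port, broadcasts are unaffected, and CPU-handled control packets such as PIM hellos are software-forwarded and escape both filters, which is the behaviour the thread is arguing about. Port names and MAC addresses are constructed; check the rules against your own platform's documentation before relying on them.

```python
from dataclasses import dataclass

# Constructed lab: modelling assumption, not a statement about any specific
# Catalyst platform. Verify against the documentation for your switch.

@dataclass
class Port:
    name: str
    protected: bool = False        # "switchport protected"
    block_multicast: bool = False  # "switchport block multicast"
    block_unicast: bool = False    # "switchport block unicast"

@dataclass
class Frame:
    ingress: str
    dst_mac: str
    control_plane: bool = False  # PIM/IGMP-style packet punted to the CPU

BROADCAST = "ffff.ffff.ffff"
ALL_PIM_ROUTERS_MAC = "0100.5e00.000d"  # 224.0.0.13 mapped to an Ethernet MAC


def is_multicast(mac: str) -> bool:
    """Group bit (least significant bit of the first octet) set."""
    return int(mac.split(".")[0][:2], 16) & 1 == 1


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}  # dst MAC -> port (learned or IGMP-snooped)

    def learn(self, mac, port):
        self.mac_table[mac] = port

    def forward(self, frame):
        """Return the sorted list of egress ports a frame is sent out of."""
        src = self.ports[frame.ingress]
        if frame.dst_mac != BROADCAST and frame.dst_mac in self.mac_table:
            candidates, flooded = [self.mac_table[frame.dst_mac]], False
        else:  # unknown destination or broadcast: flood to every other port
            candidates, flooded = list(self.ports), True
        out = []
        for name in candidates:
            if name == frame.ingress:
                continue
            dst = self.ports[name]
            if frame.control_plane:
                # Assumption: CPU-processed control traffic is forwarded in
                # software and bypasses both port filters.
                out.append(name)
                continue
            if src.protected and dst.protected:
                continue  # protected-to-protected data traffic is dropped
            if flooded and frame.dst_mac != BROADCAST:
                if is_multicast(frame.dst_mac) and dst.block_multicast:
                    continue  # unknown multicast not flooded out this port
                if not is_multicast(frame.dst_mac) and dst.block_unicast:
                    continue  # unknown unicast not flooded out this port
            out.append(name)
        return sorted(out)


def build_lab(block_on_host_b=True):
    sw = Switch([
        Port("host-a", protected=True),
        Port("host-b", protected=True, block_multicast=block_on_host_b),
        Port("server"),
        Port("uplink"),
    ])
    sw.learn("0000.0000.000b", "host-b")  # constructed host MAC
    sw.learn("0000.0000.00aa", "server")  # constructed server MAC
    return sw


def scenarios(block_on_host_b=True):
    """Forwarding results for the cases discussed in the thread."""
    sw = build_lab(block_on_host_b)
    unknown_group = "0100.5e01.0101"  # constructed group nobody has joined
    return {
        "unknown mcast from protected host-a": sw.forward(Frame("host-a", unknown_group)),
        "unknown mcast from unprotected uplink": sw.forward(Frame("uplink", unknown_group)),
        "known unicast host-a -> host-b": sw.forward(Frame("host-a", "0000.0000.000b")),
        "known unicast host-a -> server": sw.forward(Frame("host-a", "0000.0000.00aa")),
        "PIM hello from host-a": sw.forward(Frame("host-a", ALL_PIM_ROUTERS_MAC, control_plane=True)),
    }


if __name__ == "__main__":
    for label, ports in scenarios().items():
        print(f"{label:40s} -> {ports}")
```

Under these rules the model reproduces the poster's observation: for an unknown multicast frame arriving on a protected port, toggling "switchport block multicast" on the other protected port changes nothing, because the protected-port rule already drops it. The block command only matters for flooded multicast coming from a non-protected port (the uplink case), and the PIM hello reaches every port regardless of either setting.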



This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART