Hi
I'm not sure if this attack is all that serious since there is
always an RPF check for multicast.
As it says in the draft:

   It should be noted that if the multicast RPF check is used (e.g.
   to prevent routing loops), this would prevent an attacker from
   forging the Source Address of a packet to an arbitrary value, thus
   preventing an attacker from launching this attack against a remote
   network.

   Chapter 5 of [Juniper2010] discusses multicast RPF configuration
   for Juniper routers.

If you read chapter 5 it starts out by explaining how RPF check is
always done for multicast.
Due to the RPF check, the possibility of spoofing is significantly
reduced. Just like it is when using unicast RPF. Hence I don't think
this attack vector is that serious.
Unless I'm missing something, I don't think it is worth making the
proposed change.
Stig
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------