Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: 4.4BSD-lite and MULTICAST
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Thu, 20 Apr 1995 20:59:26 +1000 (EST)
To: blast @ worldbit . com (Tim Keanini)
Cc: firewalls @ greatcircle . com
In-reply-to: <Pine . AUX . 3 . 91 . 950419183310 . 5099A-100000 @ world1 . worldbit . com> from "Tim Keanini" at Apr 19, 95 06:52:21 pm

In some mail from Tim Keanini, they said:
> 
> Hi again,
> I have another question.  I hope that it is valid to post.
> 
> 4.4 BSD-lite as it is implemented in BSD Inc.'s BSD/OS 2.0 has no way of
> disabling MULTICAST on the interface. 
> 
> In an ideal world, I have tried to strip my BASTION(s) clean of all
> services that I am not using from the kernel.  This is why I got a
> source license to BSD/OS.  I just have to live with my interface
> having <MULTICAST>. :-(
> 
> My question now is, what is my defence going to be at the EXTERNAL
> router to guard against exploitation of the MULTICAST protocol?  I have
> it filtering the standard stuff but I have never explored how one
> might exploit the MULTICAST packet attacks.
> (I have been trying to think this one over in my head but I would like
> to hear from the list)

I'm not sure that it is possible to take advantage of it, in any special
way that isn't otherwise possible.

Any threat that the multicast packet is going to have is going to be
through some other program.  You can't do multicast TCP so you don't
have to worry about that.  Someone _may_ be able to do nasty things
with multicast IP if you're using a recent version of either xntpd or
gated AND you let through source routed packets.

Darren
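
The two conditions named in the reply above (source-routed packets, and TCP addressed to a multicast group) as a border filter would test them on an IPv4 header. This is an added example, not part of the original message; `verdict`, `build`, the drop policy and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

LSRR, SSRR = 131, 137   # IPv4 option types: loose / strict source route
TCP = 6

def ip_options(header: bytes):
    """Yield the option type bytes found in an IPv4 header's options area."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    i = 20
    while i < ihl:
        opt = header[i]
        if opt == 0:                      # End of Option List
            return
        if opt == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= ihl or header[i + 1] < 2 or i + header[i + 1] > ihl:
            raise ValueError("bad option length")
        yield opt
        i += header[i + 1]

def verdict(header: bytes) -> str:
    """Assumed policy: drop source-routed packets and TCP to a multicast group."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "drop: not IPv4"
    try:
        opts = set(ip_options(header))
    except ValueError as exc:
        return f"drop: {exc}"
    if opts & {LSRR, SSRR}:
        return "drop: source routed"
    dst = ipaddress.ip_address(header[16:20])
    if dst.is_multicast and header[9] == TCP:
        return "drop: multicast TCP"      # TCP is unicast only
    return "pass"                         # hand on to the remaining rules

def build(dst: str, proto: int, options: bytes = b"") -> bytes:
    """Constructed sample header for the demo (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)      # pad options to 32 bits
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                       64, proto, 0,
                       ipaddress.ip_address("192.0.2.1").packed,
                       ipaddress.ip_address(dst).packed) + options
```
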

