Re: IGMP denial of service vulnerability

From: Marty Schoch (
Date: 06/14/02

From: Marty Schoch <>
To: "Krishna N. Ramachandran" <>
Date: 14 Jun 2002 14:45:33 -0400

> Solution
> ---------
> All IGMP packets that are not multicast ethernet addresses should be
> dropped.

Depending on the implementation of router R in linked document, couldn't
there still be a problem in the following scenario.

Host H1 is a member of two groups and
Host H2 sends a membership report for group to group

Host H1 will obviously see this report as well.
Looking briefly at the code it appears host H1 may still consider this
an acceptable report from another host. If, and I haven't tested any
router configurations, router R does not consider this a valid report
for the group then the same DOS effect may occur.

The RFC says that membership reports should be sent to the group for
which the report applies. Why not tighten the code down all the way, to
check not just that the report is multicast, but that all the addresses

Marty Schoch

Relevant Pages

  • Re: IGMP denial of service vulnerability
    ... But my point really was geared to, what does the spec say, and how do router ... - "send report" for the group on the interface. ... > carry on forwarding multicast traffic. ... > a group member is known to CGMP, that switch port will continue to ...
  • QCReports demo
    ... QueryCalc, the graphics report writer we'd written for IMAGE and the HP3000. ... QueryCalc, which we now call QCReports, was translated onto the PC. ... same as we move from host platform to platform. ...
  • Re: would these loop loss figures explain my disconnection/sync problems?
    ... > I've been experiencing a lot of disconnection/loss of sync problems ... My Router, a Netgear DG824M, ... > doesn't give line stats so I spoke to F9 who reported some stats (see ... If it fails report fault to BT. ...
  • Re: How to have two routers ( with one switched off!)
    ... The difficulty with FTTC is that the VDSL modem doesn't report any of this information through the Ethernet router. ... The router may well continue to report that you have a connection (it will still have the IP address that was issued to it by the ISP) and unless you have a sophisticated router that supports a mechanism to monitor end-to-end connectivity it will tell you nothing useful. ...