Re: IGMP DOS Attack
From: John Kristoff (jtk@depaul.edu)Date: 04/11/02
- Previous message: Valdis.Kletnieks@vt.edu: "Re: IGMP DOS Attack"
- In reply to: Valdis.Kletnieks@vt.edu: "Re: IGMP DOS Attack"
- Next in thread: Christopher L. Morrow: "Re: IGMP DOS Attack"
- Next in thread: Cushing, David: "RE: IGMP DOS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Apr 2002 15:45:08 -0500 From: John Kristoff <jtk@depaul.edu> To: Valdis.Kletnieks@vt.edu
On Thu, 11 Apr 2002 15:53:03 -0400
Valdis.Kletnieks@vt.edu wrote:
> Anybody *else* remember a certain worm randomly picking IP addresses
> to attack, and causing IGMP meltdowns when it happened to pick a
> 224.x.x.x address, as all the multicast-aware hosts would start asking
> about the group? I remember a 2AM firestorm that took several of our
> routers and part of Abeliene with it...
It was the Ramen worm and it scanned random address space, including
that within 224.0.0.0/4. It wasn't IGMP, but rather problems with
excessive session announcement state between MSDP peers. Marshall
Eubanks gave a good presentation at a recent NANOG about IP multicast
issues including the impact of Ramen on the IP multicast enabled
Internet.
John
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Valdis.Kletnieks@vt.edu: "Re: IGMP DOS Attack"
- In reply to: Valdis.Kletnieks@vt.edu: "Re: IGMP DOS Attack"
- Next in thread: Christopher L. Morrow: "Re: IGMP DOS Attack"
- Next in thread: Cushing, David: "RE: IGMP DOS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
