Re: Confirming source-routed multicast is dead on the public Internet
On Wed, 1 Aug 2018 15:45:44 +0000 Adam Davenport <adam@davenpro.com> wrote:
> I can confirm that GTT does indeed filter IP sourced from 224.0.0.0/4 at its edge.
Do you mean sent to 224/4 or literally anything with a source address of 224/4?

For those that are or are considering filtering, you might also want to consider limiting IGMP at router interfaces. The only known use of IGMP past the local link I'm aware of was for the mtrace tool, but allowing it can pose some danger in two forms. One is yet another DDoS reflection and amplification vector, another is some router system and configuration disclosure. See the following for details:

<https://ccronline.sigcomm.org/wp-content/uploads/2017/01/p27-sargent.pdf>

In experiments I ran in early parts of that work I found that Cogent did not forward IGMP messages through its network in my tests, but this may be due to the routing hardware/software they were using at the time rather than an explicit filtering policy.

John
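
The two filters discussed in this message (dropping packets whose source address is in 224.0.0.0/4, and not accepting IGMP from beyond the local link) can be expressed as a small packet classifier. This is an added example, not part of the original post or any vendor's implementation; the interface subnet, function names and sample packets are constructed assumptions.

```python
import ipaddress
import struct

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
IPPROTO_IGMP = 2
LINK = ipaddress.ip_network("192.0.2.0/24")  # assumed subnet of the edge interface

def parse_ipv4(pkt: bytes):
    """Return (protocol, src, dst) from a raw IPv4 header, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    src, dst = struct.unpack("!4s4s", pkt[12:20])
    return pkt[9], ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def edge_drop_reasons(pkt: bytes, link_net=LINK) -> list:
    """Reasons an edge interface on link_net would drop pkt (empty list = permit)."""
    hdr = parse_ipv4(pkt)
    if hdr is None:
        return ["malformed"]
    proto, src, _dst = hdr
    reasons = []
    # A multicast address is never a valid source; a multicast destination is fine.
    if src in MULTICAST:
        reasons.append("multicast-source")
    # IGMP is link-local signalling. 0.0.0.0 is allowed for hosts that have not
    # yet acquired an address (IGMPv3 reports, RFC 3376).
    if proto == IPPROTO_IGMP and src not in link_net and int(src) != 0:
        reasons.append("off-link-igmp")
    return reasons

def build(src: str, dst: str, proto: int, ttl: int = 1) -> bytes:
    """Constructed sample: bare 20-byte IPv4 header, zero checksum, no payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    samples = [("192.0.2.10", "224.0.0.22", 2, 1),      # on-link IGMP report
               ("198.51.100.7", "192.0.2.1", 2, 64),    # IGMP from a remote source
               ("224.1.2.3", "192.0.2.1", 17, 64),      # multicast source address
               ("198.51.100.7", "233.252.0.1", 17, 64)] # traffic sent *to* 224/4
    for s in samples:
        print(s, edge_drop_reasons(build(*s)) or "permit")
```

The source-subnet test is used instead of a TTL test because a remote sender can choose an initial TTL so that the packet arrives with a TTL of 1.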
participants (1): John Kristoff