Security Incidents mailing list archives

Re: IGMP DOS Attack

From: Justin Shore <macdaddy () neo pittstate edu>
Date: Thu, 11 Apr 2002 10:45:56 -0500

On 4/11/02 5:45 AM D.Stout () EU HNS COM said...

 Has anybody else had an IGMP DoS attack starting at 5:23 CET ?
 Does anybody know what causes this ?
 What are the implications of this (other than pure bandwidth 
consumption)

 I will continue to search for info, but please help me if you know what 
this is.


While you might be using multicast on your LAN, are you actually wanting 
to use that over your WAN link?  Does you upstream support it?  _Very_ 
few do.  If you're not wanting mcast in or out of your WAN link, block 
it.  

Justin


--
Justin Shore, ES-SS ES-SSR      Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/

Warning:  This message has been quadruple Rot13'ed for your protection.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

IGMP DOS Attack D . Stout (Apr 11)
- Re: IGMP DOS Attack Kurt Seifried (Apr 11)
- Re: IGMP DOS Attack Dave Dittrich (Apr 12)
- <Possible follow-ups>
- Re: IGMP DOS Attack Justin Shore (Apr 11)
- RE: IGMP DOS Attack Headley, Kevin (Apr 11)
  - Re: IGMP DOS Attack Valdis . Kletnieks (Apr 11)
    - Re: IGMP DOS Attack John Kristoff (Apr 11)
    - Re: IGMP DOS Attack Christopher L. Morrow (Apr 12)
- RE: IGMP DOS Attack Cushing, David (Apr 11)