Subject: Re: Melting down your network
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 03/29/2005 01:11:16
Jonathan Stone <jonathan@dsg.stanford.edu> wrote:

> Even that doesn't prevent DDoS: all the sender has to do is guess at
> an (non-local-scope) IGMP group which hosts are likely to have joined.

And set a TTL big enough. But I fail to see how it's something new: it
takes less than half an hour for a weak programmer to write from scratch
a program that does a multicast packet flood.

And the fact that it's multicast does not change much to how you fight
it. You get a flood coming to your network, you filter it out. A really
evil attacker would embed the attack in a Windows worm and run the
multicast flood from many places at once. That would be nasty. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org