Bugtraq mailing list archives
IGMP denial of service vulnerability
From: "Krishna N. Ramachandran" <krishna () cs ucsb edu>
Date: Fri, 14 Jun 2002 03:45:22 -0700 (PDT)
Topic : IGMP denial of service vulnerability Date : June 14, 2002 Credit : {krishna, arun, mohit}@cs.ucsb.edu Site : http://www.cs.ucsb.edu/~krishna/igmp_dos/ ************************************************************************ Description ------------ The IGMP report suppression mechanism can be exploited for launching an insider denial of service attack against a host connected to a Multicast group. Instead of sending a IGMP membership report to the Multicast group ethernet address as is the norm, an attacker sends the report addressed to the victim's ethernet address. The victim host on seeing the IGMP report suppresses its own IGMP report as per the IGMP standard. The querier router then never gets an IGMP report effectively cutting off traffic from that group. Systems Affected ----------------- Tested to be vulnerable on Microsoft Windows XP, Microsoft Windows 98, Linux 2.4.18. We believe that all other versions of these operating systems are also vulnerable. IGMP version 2 was used for testing the vulnerability. Implementations of all IGMP versions are believed to be vulnerable as IGMP report suppression is used in all versions of the IGMP protocol. Solution --------- All IGMP packets that are not multicast ethernet addresses should be dropped. Fix for Linux 2.4.18 is available at http://www.cs.ucsb.edu/~krishna/igmp_dos/ ************************************************************************ -Krishna
Current thread:
- IGMP denial of service vulnerability Krishna N. Ramachandran (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- IE 5.-6 CSS parsing error Dmitry Leonov (Jun 15)
- Re: IE 5.-6 CSS parsing error patpro (Jun 15)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- <Possible follow-ups>
- RE: IGMP denial of service vulnerability Nick Roffey (Jun 15)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 15)