lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 8 Nov 2011 02:50:08 +0530
From:	Kumar Sanghvi <divinekumar@...il.com>
To:	Stephen Hemminger <shemminger@...tta.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Query on usage of multicast as source IPv6 address

Hi Stephen,

On Mon, Nov 07, 2011 at 13:11:01 -0800, Stephen Hemminger wrote:
> On Tue, 8 Nov 2011 02:15:52 +0530
> Kumar Sanghvi <divinekumar@...il.com> wrote:
> 
> > However, what should be the behavior if a host receives a
> > packet (probably from a malicious host with pktgen abilities)
> > having a multicast address in source address field:
> > 1) Should the receiving host discard the packet?
> > 2) Should the receiving host dicard the packet, and send back
> >    ICMP error?
> > 3) Or should the receiving host send a response to the multicast
> >    address?
> 
> Before the Internet was full of people sending malicious packets,
> the standards encourage sending ICMP errors. Later RFC's discourage
> sending ICMP's for many cases (See RFC 1812).
> 
> IMHO just drop packet making sure to increment appropriate statistic.

Thank you for your reply.
However, I could not understand why Linux (tested on 3.1 kernel) sends
a response on multicast address for such malicious packets (see
tcpdump output in my original mail) ?

Was there some specific reason that we decided to send a response to
multicast address in Linux? Or is there some knob (e.g. sysfs/proc entry)
available using which we can modify the default Linux behavior ?

Thanks,
Kumar.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ