  1. Senior Member
    Join Date
    Feb 2005
    Location
    East
    Posts
    327

    Certifications
    CCENT
    #1

    A question about IP multicast

    RFC 1112
    http://datatracker.ietf.org/doc/rfc1112/


    7.2 Extensions to the IP module

    An incoming datagram is not rejected for having an IP time-to-live of 1 (i.e., the time-to-live should not automatically be decremented on arriving datagrams that are not being forwarded).
    Is the above just too obvious?

    An incoming datagram with an IP host group address in its source address field is quietly discarded.
    Is it possible for a datagram to have host group address in source addr field?
    Last edited by johnifanx98; 05-11-2011 at 09:33 PM.

  3. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #2
    Quote Originally Posted by johnifanx98 View Post
    RFC 1112


    7.2 Extensions to the IP module
    "An incoming datagram is not rejected for having an IP time-to-live of 1 (i.e., the time-to-live should not automatically be decremented on arriving datagrams that are not being forwarded). "

    Is the above just too obvious?
    Hahahaha. Yeah, it does seem kind of obvious you wouldn't discard something that you want.

    "An incoming datagram with an IP host group address in its source address field is quietly discarded. "

    Is it possible for a datagram to have host group address in source addr field?
    I immediately think of malicious intent: that is, forgery of the source address. I cannot envision a "normal" way this could occur.

  4. APA
    Senior Member
    Join Date
    Jun 2006
    Location
    Sydney, Australia
    Posts
    956

    Certifications
    CompTIA, Microsoft, Juniper & Cisco (Check Signature)
    #3
    Quote Originally Posted by johnifanx98 View Post
    RFC 1112


    7.2 Extensions to the IP module


    Is the above just too obvious?


    Is it possible for a datagram to have host group address in source addr field?
    1) The statement is tying together multiple areas in the RFC....

    - A multicast datagram can be sent with a TTL of 1 if it is expected to NOT go past the local network or if the upper-layer protocol does not specify a TTL therefore an explicit choice is required by the receiving gateway to forward it past a local network and onto other multicast gateways...

    - It is possible for a host to receive a multicast datagram for a group that it is not a multicast member of (think of how the multicast group address maps into the multicast MAC address... meaning multiple groups can share the same multicast MAC address), therefore in this odd scenario (should rarely happen)..... the multicast datagram would have a TTL of 1, however on this occasion the receiving host should not decrement TTL like it would for a normal unicast datagram, but rather the packet should be silently discarded, meaning no response with an ICMP error message (TTL, destination unreachable etc)

    - Therefore the statement you highlighted seems blatantly obvious..... if the packet was indeed intended for the host.... however what would happen if it wasn't? Hence the statement stresses that the TTL shouldn't be decremented for the two reasons I provided above....


    2) Yeah it comes down to IP spoofing protection..... read section 6.2 last paragraph

    "A host group address must never be placed in the source address field or anywhere in a source route or record route option of an outgoing IP datagram"
    Last edited by APA; 05-20-2011 at 02:02 AM.
    ------------------------------------------------------------
    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
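The receive-side rules discussed in this thread, as an added Python example that is not part of any post: a host quietly drops a datagram whose source is a host group address, quietly drops one for a group it has not joined (possible because only the low 23 bits of the group address reach the Ethernet MAC), and does not reject a TTL of 1. The function names, addresses and headers are constructed for illustration.

```python
import ipaddress
import struct

MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")  # class D host group range

def group_to_mac(group: str) -> str:
    """Map a host group address to its Ethernet multicast MAC (low 23 bits kept)."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    mac = 0x01005E000000 | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header for the demo (checksum left as 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def receive(header: bytes, joined_groups: set) -> str:
    """Return 'deliver' or 'discard' for a datagram sent to a host group.

    Only the multicast checks are modelled; unicast handling is out of scope.
    """
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    if src in MULTICAST_NET:
        return "discard"   # group address as source: drop quietly, no ICMP error
    if dst in MULTICAST_NET and str(dst) not in joined_groups:
        return "discard"   # passed the MAC filter by collision: drop quietly
    # The TTL byte (header[8]) is deliberately not examined: this datagram is
    # being received, not forwarded, so a TTL of 1 is perfectly acceptable.
    return "deliver"

if __name__ == "__main__":
    joined = {"224.1.1.1"}
    print(group_to_mac("224.1.1.1"), group_to_mac("225.1.1.1"))
    for src, dst, ttl in [("192.0.2.10", "224.1.1.1", 1),
                          ("224.1.1.1", "224.1.1.1", 64),
                          ("192.0.2.10", "225.1.1.1", 1)]:
        print(src, dst, ttl, receive(build_header(src, dst, ttl), joined))
```
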
