Preventing multicast security hole

When PIM runs on a Cisco router interface whose access control list has a reflexive component, an unintended security hole can be opened. Add an outbound access list entry that explicitly permits the multicast packets to pass. This keeps the reflexive component of the list from opening an inbound IP hole between the multicast address (as source) and the multicast server (as destination). The reflexive hole could be used to initiate a DoS against the multicast server(s).
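
The fix described above, as an added configuration example that is not part of the original tip. The ACL names, the reflexive list name MIRROR, the interface and the PIM mode are hypothetical; 224.0.0.0 15.255.255.255 is the IPv4 multicast range 224.0.0.0/4. The multicast permit is placed before the reflect entry because ACL entries are matched in order.

```cisco
! Added example. ACL names, MIRROR, the interface and the PIM mode
! are hypothetical.
!
! Before: every outbound packet, multicast included, matches the reflect
! entry, so a stream from the server to a group creates a temporary
! inbound permit with the group as source and the server as destination.
ip access-list extended OUT-BEFORE
 permit ip any any reflect MIRROR
!
! After: multicast matches the first entry and is forwarded without
! creating a reflexive entry; unicast still reaches the reflect entry.
ip access-list extended OUT-AFTER
 permit ip any 224.0.0.0 15.255.255.255
 permit ip any any reflect MIRROR
!
! Inbound list: return traffic is admitted through the reflexive entries.
! Any other inbound permits the site needs are not shown here.
ip access-list extended IN-FILTER
 evaluate MIRROR
!
interface Serial0/0
 ip pim sparse-mode
 ip access-group IN-FILTER in
 ip access-group OUT-AFTER out
```

With OUT-AFTER applied, `show access-lists` should list no temporary entry under MIRROR whose source is a multicast group address.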
This was last published in May 2001
