Preventing multicast security hole

When PIM runs on a Cisco router interface whose access control list has a reflexive component, an unintended security hole can be opened. Add an entry to the outbound access list that permits the multicast packets to pass. This prevents the reflexive component of the list from opening an inbound IP hole between the multicast address (as source) and the multicast server (as destination). That reflexive hole could be used to initiate a DoS against the multicast server(s).
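
The configuration below is an added illustration, not part of the original tip: it shows an outbound list that reflects everything beside one that permits multicast first. The ACL names, interface, addresses and the choice to place a plain permit (no `reflect` keyword) ahead of the reflecting entry are assumptions made for the example.

```cisco
! Constructed example. OUT-BEFORE, OUT-AFTER, IN-FILTER, MIRROR, Serial0,
! 192.0.2.10 (multicast server) and 239.1.1.1 (group) are illustrative.
!
! --- Before: every outbound packet is reflected ---
ip access-list extended OUT-BEFORE
 permit ip any any reflect MIRROR
!
! A multicast packet leaving as 192.0.2.10 -> 239.1.1.1 creates a
! temporary entry in MIRROR with source and destination swapped:
!   permit ip host 239.1.1.1 host 192.0.2.10
! That entry is the inbound hole toward the multicast server.
!
! --- After: multicast is matched before the reflecting entry ---
ip access-list extended OUT-AFTER
 ! 224.0.0.0/4 destinations pass without creating a reflexive entry
 permit ip any 224.0.0.0 15.255.255.255
 ! Everything else is still reflected so return traffic is allowed
 permit ip any any reflect MIRROR
!
ip access-list extended IN-FILTER
 ! Only return traffic for reflected sessions is admitted here;
 ! any other inbound permits the site needs go before the deny.
 evaluate MIRROR
 deny ip any any
!
interface Serial0
 ip pim sparse-dense-mode
 ip access-group IN-FILTER in
 ip access-group OUT-AFTER out
```

With multicast flowing, `show ip access-lists MIRROR` should list no temporary entries whose source falls in 224.0.0.0/4.
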
This was first published in May 2001
