Date: Fri, 21 Jan 2000 22:17:36 -0500 From: Jared Mauch <jared@puck.nether.net> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Jared Mauch <jared@puck.nether.net>, Brett Glass <brett@lariat.org>, Warner Losh <imp@village.org>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG Subject: Re: stream.c worst-case kernel paths Message-ID: <20000121221736.A9396@puck.nether.net> In-Reply-To: <200001220118.RAA65802@apollo.backplane.com>; from dillon@apollo.backplane.com on Fri, Jan 21, 2000 at 05:18:17PM -0800 References: <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com> <20000121200829.E4055@puck.nether.net> <200001220118.RAA65802@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 21, 2000 at 05:18:17PM -0800, Matthew Dillon wrote: > > : I currently show 69695 prefixes on the internet. of those, > :7366 are currently multicast capable, which is 10.5%. > : > : I take some issue with your statement, as more hosts are currently > :connected than ever before, and I see it increase daily. I doubt it will > :reach 100% anytime soon, but it's far more deployed than it has ever > :been, and continues to be deployed. Attacks related to multicast connectivity > :need to be taken into account. > : > : - Jared > : > :-- > :Jared Mauch | pgp key available via finger from jared@puck.nether.net > :clue++; | http://puck.nether.net/~jared/ My statements are only mine. > > There are two waring multicast protocols... the one originally designed for > BSD (mrouted), and Cisco's more modern mcast protocols. Mrouted and dvmrp need to die their necessary deaths. pim is the way to go. > Until the protocols are reconciled you aren't going to be seeing much in the > way of high-bandwidth multicasting. <sarcasm> Really? I should probally stop returning those calls from the broadcast.com multicast group then. </sarcasm> I typically seel a 512k/sec or 1M video streams on the multicast connected sections of the internet, if not more. I must disagree entireley. There is a major chicken and egg scenario here. Multicast is not useful because it is not deployed. But people don't deploy it because they don't see it as useful, because people don't use it much because they feel they can't reach everyone. This needs to change, but this is not the correct fourm for that change. the FreeBSD IP stack should have enough hooks within itself to drop these bogon packets as soon as possible. i'm not an ip stack expert, but I know enough that we should drop packets where protocol=tcp and (src|dst) matches 224/4 - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000121221736.A9396>