From: John Pettitt
To: freebsd-questions
Subject: Multicast and security
Date: Mon, 18 Apr 2005 16:15:32 -0700
Message-ID: <42643F94.7020903@cloudview.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My ISP (sonic.net - a *great* ISP) just added support for the BBC multicast trial (see http://support.bbc.co.uk/multicast/streams.html). I'm looking at adding MROUTING to my gateway/firewall box (Soekris 4801 running 5.4 RC2).

However, having not played with multicast before, I'm looking for pointers on the security issues (I don't want to create a gaping hole in my FW). I'm using ipfw for my normal FW stuff and I assume I need to add rules for 224.0.0.0/4 to let mrouted do its job, but what (if anything) do I need to do to make sure this can't be abused from the outside?

John

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCZD+TaVyA7PElsKkRAh/IAJ9H22H0QJUrt9xuO44NZrdP1jQpRwCgnV3y
mxRoeFr9HTcut7AA9/OOgQs=
=/EH4
-----END PGP SIGNATURE-----