Protocol Independent Multicast - Sparse Mode (PIM-SM) Multicast Routing Security Issues and Enhancements
RFC 4609

Document type: RFC - Informational (October 2006; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4609 (Informational)
Responsible AD: David Kessens
Send notices to: dmm@1-4-5.net

Network Working Group                                          P. Savola
Request for Comments: 4609                                     CSC/FUNET
Category: Informational                                      R. Lehtonen
                                                             TeliaSonera
                                                                D. Meyer
                                                             August 2006

         Protocol Independent Multicast - Sparse Mode (PIM-SM)
           Multicast Routing Security Issues and Enhancements

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo describes security threats for the larger (intra-domain or
   inter-domain) multicast routing infrastructures.  Only Protocol
   Independent Multicast - Sparse Mode (PIM-SM) is analyzed, in its
   three main operational modes: the traditional Any-Source Multicast
   (ASM) model, the source-specific multicast (SSM) model, and the ASM
   model enhanced by the Embedded Rendezvous Point (Embedded-RP)
   group-to-RP mapping mechanism.  This memo also describes enhancements
   to the protocol operations that mitigate the identified threats.

Savola, et al.               Informational                      [Page 1]
RFC 4609           PIM-SM Multicast Routing Security         August 2006

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................4
   3. Threats to Multicast Routing ....................................4
      3.1. Receiver-Based Attacks .....................................5
           3.1.1. Joins to Different Groups (Join Flooding) ...........5
      3.2. Source-Based Attacks .......................................7
           3.2.1. Sending Multicast to Empty Groups (Data Flooding) ...7
           3.2.2. Disturbing Existing Group by Sending to It
                  (Group Integrity Violation)..........................8
      3.3. Aggravating Factors to the Threats .........................9
           3.3.1. Distant RP/Source Problem ...........................9
           3.3.2. No Receiver Information in PIM Joins ...............10
   4. Threat Analysis ................................................10
      4.1. Summary of the Threats ....................................10
      4.2. Enhancements for Threat Mitigation ........................10
   5. PIM Security Enhancements ......................................11
      5.1. Remote Routability Signalling .............................11
      5.2. Rate-Limiting Possibilities ...............................12
      5.3. Specific Rate-limiting Suggestions ........................14
           5.3.1. Group Management Protocol Rate-Limiter .............14
           5.3.2. Source Transmission Rate-Limiter ...................14
           5.3.3. PIM Signalling Rate-Limiter ........................15
           5.3.4. Unicast-Decapsulation Rate-Limiter .................15
           5.3.5. PIM Register Rate-Limiter ..........................15
           5.3.6. MSDP Source-Active Rate-Limiter ....................16
      5.4. Passive Mode for PIM ......................................16
   6. Security Considerations ........................................16
   7. Acknowledgements ...............................................17
   8. References .....................................................17
      8.1. Normative References ......................................17
      8.2. Informative References ....................................17
   Appendix A.  RPF Considers Interface, Not Neighbor ................19
   Appendix B.  Return Routability Extensions ........................20
     B.1.  Sending PIM-Prune Messages Down the Tree ..................20
     B.2.  Analysing Multicast Group Traffic at DR ...................21
     B.3.  Comparison of the Above Approaches ........................21

1.  Introduction

   This document describes security threats to the Protocol Independent
   Multicast - Sparse Mode (PIM-SM) multicast routing infrastructures
   and suggests ways to make these architectures more resistant to the
   described threats.

   Only attacks that have an effect on the multicast routing
   infrastructures (whether intra- or inter-domain) are considered.

   "On-link" attacks where the hosts specifically target the Designated
