Kevin C. Almeroth wrote:

>>>>>> but consider: once you start running a
>>>>>> multicast session over the Internet, anybody who's within the TTL range
>>>>>> can intercept it.
>>>>>>
>>>> Same with UDP traffic. Same with TCP traffic.
>>>>
>>> No, those can be intercepted only by tricking the routers. Multicast
>>> specifically permits anyone to pick up the traffic just by asking for it.
>
> First point: not necessarily.

It only requires being on a non-IGMP'd switch or a hub; at that point, you can snoop the traffic and see any packet going to any multicast group. It's much harder to snoop UDP; for non-broadcast, you'd have to be in-line (on the wire, effectively) or on a hub. While hubs are becoming less common, they're often being replaced with cheaper non-IGMP-capable switches. Which means that they're still hubs, as far as multicast traffic is concerned.

> Second point: as long as you know the group address. With large volumes of
> multicast traffic out there you also have a nice 28 bit key, i.e. it is
> now infeasible for a host to join every group and expect not to be overwhelmed
> with large amounts of traffic.

If no other host/router on your LAN is attached to the group, OR if the switch you're on is IGMP-capable, then yes, you have a 28-bit key. Alternately, if you're on a non-IGMP'd switch or a hub, and someone else on the LAN is a member of the group, then you don't have a 28-bit key. You can snoop and see the list of addresses in use, a much smaller set.

Finally, there are rules that hint at how to use subsets of addresses for different uses (notably different scopes), e.g., RFC2365, a BCP. That makes finding the 'needle in the haystack' much easier, e.g., if you're hunting for teleconferencing, unless overrides are used, the space is 15 bits, not 28.

Joe
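The "28-bit key" argument above is easy to quantify. The following is an added example, not code from either poster: it uses Python's standard `ipaddress` module to (a) compute how many group-address bits a given multicast prefix actually leaves to guess, (b) classify an address into the RFC 2365 administrative scopes the post mentions, and (c) compute how far the effective search space shrinks once a snooper on a non-IGMP switch can simply list the groups in use. The RFC 2365 prefixes are real; the 224.2.128.0/17 block (IANA "SAP Dynamic Assignments") is my assumption for the 15-bit conferencing space the post refers to, and the list of "observed" groups is constructed for the example.

```python
import ipaddress
import math

# Most-specific prefixes first. RFC 2365 defines the 239/8 administratively
# scoped block and its Local (239.255/16) and Organization-Local (239.192/14)
# sub-ranges; 224.0.0.0/24 is the link-local control block; 224/4 is all of
# IPv4 multicast. Names are labels chosen for this example.
SCOPES = [
    (ipaddress.ip_network("239.255.0.0/16"), "IPv4 Local Scope (RFC 2365)"),
    (ipaddress.ip_network("239.192.0.0/14"), "Organization-Local Scope (RFC 2365)"),
    (ipaddress.ip_network("239.0.0.0/8"), "Administratively Scoped (RFC 2365)"),
    (ipaddress.ip_network("224.0.0.0/24"), "Local Network Control Block"),
    (ipaddress.ip_network("224.0.0.0/4"), "Global / unscoped IPv4 multicast"),
]

# Assumption: the 15-bit conferencing space in the post is IANA's
# "SAP Dynamic Assignments" block, 224.2.128.0/17.
SAP_DYNAMIC = ipaddress.ip_network("224.2.128.0/17")


def key_bits(cidr: str) -> int:
    """Bits a host must guess to hit a group inside this multicast prefix.

    224.0.0.0/4 -> 28 bits (the post's 'nice 28 bit key');
    224.2.128.0/17 -> 15 bits.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if not net.network_address.is_multicast:
        raise ValueError(f"{cidr} is not an IPv4 multicast prefix")
    return net.max_prefixlen - net.prefixlen


def scope_of(addr: str) -> str:
    """Return the RFC 2365 / IANA scope label for one multicast group address."""
    a = ipaddress.ip_address(addr)
    if a.version != 4 or not a.is_multicast:
        raise ValueError(f"{addr} is not an IPv4 multicast address")
    for net, name in SCOPES:  # first match wins, so order is most-specific first
        if a in net:
            return name
    raise AssertionError("unreachable: 224.0.0.0/4 covers every IPv4 multicast address")


def observed_search_bits(groups) -> int:
    """Effective key size once the set of groups in use is visible on the LAN.

    A snooper no longer searches 2**28 addresses but only the distinct groups
    it can see; ceil(log2(n)) is the number of bits that search amounts to.
    """
    distinct = {ipaddress.ip_address(g) for g in groups}
    n = len(distinct)
    return 0 if n <= 1 else math.ceil(math.log2(n))


# Constructed sample: groups a snooper on a non-IGMP switch might see in use.
OBSERVED_GROUPS = [
    "239.255.0.1", "239.255.0.1",  # duplicate join, counted once
    "239.192.10.5", "224.0.0.251", "224.2.200.7", "239.1.2.3", "224.2.140.9",
]

if __name__ == "__main__":
    print("full multicast space:", key_bits("224.0.0.0/4"), "bits")
    print("SAP dynamic block:   ", key_bits(str(SAP_DYNAMIC)), "bits")
    for g in sorted(set(OBSERVED_GROUPS), key=ipaddress.ip_address):
        print(f"{g:15} {scope_of(g)}")
    print("observed set search:", observed_search_bits(OBSERVED_GROUPS), "bits")
```

The defensive reading of the numbers is the post's own: on an IGMP-snooping switch a non-member sees no group traffic and the guessing space stays near 28 bits, while on a hub or a switch that floods multicast the space collapses to `observed_search_bits`, a handful of bits.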