Yes, looks like it can affect Linux. I don't know if this is related to your problem.

<snip>
The IGMP report suppression mechanism can be exploited for launching an insider denial of service attack against a host connected to a Multicast group. Instead of sending an IGMP membership report to the Multicast group ethernet address as is the norm, an attacker sends the report addressed to the victim's ethernet address. The victim host on seeing the IGMP report suppresses its own IGMP report as per the IGMP standard. The querier router then never gets an IGMP report, effectively cutting off traffic from that group.

Systems Affected
-----------------
Tested to be vulnerable on Microsoft Windows XP, Microsoft Windows 98, Linux 2.4.18. We believe that all other versions of these operating systems are also vulnerable. IGMP version 2 was used for testing the vulnerability. Implementations of all IGMP versions are believed to be vulnerable as IGMP report suppression is used in all versions of the IGMP protocol.

Solution
---------
All IGMP packets that are not multicast ethernet addresses should be dropped.
</snip>

--
#################
/Marek
//Pawinski.net
#################

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
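
The fix suggested in the quoted advisory, as an added example that is not part of the original message or the advisory: a Python check that flags IGMP membership reports whose Ethernet destination is not the multicast group address. It assumes untagged Ethernet II frames; the function names and the sample frames are constructed for illustration.

```python
import struct

# IGMP message types that are membership reports (v1, v2, v3).
REPORT_TYPES = {0x12: "v1", 0x16: "v2", 0x22: "v3"}

def group_mac(ip_dst: bytes) -> bytes:
    """Ethernet group address for an IPv4 multicast destination:
    01:00:5e followed by the low 23 bits of the IP address."""
    return b"\x01\x00\x5e" + bytes([ip_dst[1] & 0x7F]) + ip_dst[2:4]

def check_frame(frame: bytes):
    """Return a drop reason for a suspicious IGMP report, else None.
    Assumes untagged Ethernet II frames (no 802.1Q header)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # not IPv4
    dst_mac, ip = frame[0:6], frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 2 or len(ip) < ihl + 8:
        return None                      # not a well-formed IGMP packet
    version = REPORT_TYPES.get(ip[ihl])
    if version is None:
        return None                      # query or leave, not a report
    if not dst_mac[0] & 0x01:            # I/G bit clear: unicast MAC
        return "IGMP%s report addressed to unicast MAC %s" % (
            version, dst_mac.hex(":"))
    ip_dst = ip[16:20]
    if ip_dst[0] >> 4 != 0xE or dst_mac != group_mac(ip_dst):
        return "IGMP%s report: MAC %s does not match IP destination" % (
            version, dst_mac.hex(":"))
    return None

def build_report(dst_mac: bytes, group: bytes) -> bytes:
    """Constructed sample IGMPv2 report frame (checksums left at zero)."""
    eth = dst_mac + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 2, 0,
                     bytes([192, 0, 2, 10]), group)
    return eth + ip + struct.pack("!BBH4s", 0x16, 0, 0, group)

if __name__ == "__main__":
    grp = bytes([239, 1, 2, 3])
    for mac in (group_mac(grp), bytes.fromhex("020000000002")):
        print(mac.hex(":"), "->", check_frame(build_report(mac, grp)))
```
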