| | |
Summary: Managing and Securing the Global Multicast Infrastructure
Prashant Rajvaidya, Krishna N. Ramachandran and Kevin C. Almeroth
Department of Computer Science
University of CaliforniaSanta Barbara
Santa Barbara, CA 93106-5110
E-mail:
prash, krishna, almerothˇ @cs.ucsb.edu
Abstract
A lack of mechanisms to monitor and manage multicast networks has adversely affected progress in several
areas critical for successful deployment. One such area involves discovering and solving multicast security vul-
nerabilities. Although a number of vulnerabilities exist, the most troubling are a set of easily exploited Denial-
of-Service (DoS) attacks. The main reason for this concern is that the one-to-many nature of multicast can sig-
nificantly magnify the effects of these attacks. Among the possible multicast DoS attacks, those that target the the
Multicast Source Discovery Protocol (MSDP) can be most damaging. MSDP vulnerabilities are unusually easy
to exploit and can lead to infrastructure-wide damage. In this paper, our goal is to develop a security framework
that protects against DoS attacks through detection and then "deflection". In developing our framework, we first
examine the vulnerability of multicast protocols, to DoS attacks. We use data collected with our global monitoring
infrastructure, Mantra, to analyze the nature and effects of attacks that have already occurred. We then create
additional, more virulent strains. Finally, we propose a family of solutions to detect and deflect the effects of each
|
