Friday, October 24, 2008

Multicast as a recon. or attack vector?

Having been in the network architecture and security business for some time, I am quite surprised that more network recon. and attack tools have not given consideration to Multicast destinations. The backdrop is that more and more internal networks are video [multicast] enabled, academic Internet2 participants are often Multicast enabled in a Wide Area (WAN) sense.

Assuming minimally some internal network access, it would seem that a quick method of recon. would be to send traffic to a well known multicast app. address / port, and see what yields. At worst, you find a network that is not Multicast enabled and responses at layer 2 only.

More insideous would be the existance of backdoor command and control of botnets listening on Multicast addresses. One would only need access to a single internal network node in a large enterprise to send command and control to the remainder of the herd. Or worse still, if that botnet lived within the Internet2 wide area Multicast space, the command and control aspect could easily be just a trickle of Multicast and not noticed.

2 comments:

Unknown said...

can you elaborate more?

Anonymous said...

The Bonus Wheel provides players the prospect to spin for selection of|quite lots of|a big selection of} prizes, including loyalty factors and bonus credit, and is out there at chosen instances. As for the themed promotions, these occur a daily basis|regularly|frequently}, providing players who partake, the opportunity to attain match provides, credit and more. The site is on the record of really helpful casinos because it has an excellent monitoring report of working for greater than 20 years. Being one of many first casinos launched on Microgaming, it still provides broad range|a variety} of slots and live video 1xbet games from Evolution.