And what if an attacker sends memberships queries with bogus MAC addresses
to a router via CGMP or IGMP messages to a switch... Would normal
filtering catch this problem (MAC spoofing/exhaustion) Wouldn't the
switch or router say "WTF?"
// EXAMPLE //
x:x:x:x:x:x who has 10.10.1.2
Router "no one... you do loser"
x:x:x:x:x:x "I am now 10.10.1.2 ... I am the king of the world"
Attacker via CGMP/IGMP --> Membership Query:
"Hello I am x:x:x:x:x:x at 10.10.2.2 I want to join this group"
Router "checks MAC tables scratching its RAM"
OTHER SCENARIOS: http://www.cs.ucsb.edu/~krishna/igmp_dos/
// END //
Maybe I should lay off the caffeine. Aside from your bulletproof
situation, if the case held true, 1) Why haven't many implemented this, my
guess would be ANEL (Apparent Network Engineer Laziness not pronounced
similar to ANAL) 2) why hasn't someone made mention via RFC/Standard/^ETC
...