Multicast isolation

This test checks that customers cannot discover devices on each other's ports by using a multicast discovery protocol. Blocking multicast discovery traffic between customer ports prevents unauthorized access to other customers' content.

Tested protocols:

  • UPnP/SSDP
    • Address: 239.255.255.250; Port: 1900
  • mDNS (including Bonjour)
    • Address: 224.0.0.251; Port: 5353
  • LLMNR
    • Address: 224.0.0.252; Port: 5355

Impact: Unauthorized access to resources such as printers or storage devices

Test process

  • Malicious sends 5 multicast discover packets on each protocol.

Fail criteria

  • A multicast discover packet arrives at Customer.
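
The fail criterion can be checked on frames captured at the Customer port. The following is an added example, not code from the test suite this page describes: it assumes raw Ethernet II frames as input, the function names are hypothetical, and the sample frames are constructed rather than captured.

```python
import socket
import struct

# Discovery groups listed on this page: (IPv4 group, UDP port) -> protocol
DISCOVERY = {
    ("239.255.255.250", 1900): "UPnP/SSDP",
    ("224.0.0.251", 5353): "mDNS",
    ("224.0.0.252", 5355): "LLMNR",
}

def classify(frame: bytes):
    """Return the discovery protocol name for an Ethernet frame, else None."""
    if len(frame) < 42:  # Ethernet (14) + IPv4 (20) + UDP (8)
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # skip a single 802.1Q VLAN tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800:
        return None
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None  # not IPv4/UDP, or truncated
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None  # non-first fragment carries no UDP header
    dst = socket.inet_ntoa(ip[16:20])
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return DISCOVERY.get((dst, dport))

def evaluate(frames):
    """Apply the fail criterion: any discovery packet seen at Customer fails."""
    hits = {}
    for frame in frames:
        proto = classify(frame)
        if proto:
            hits[proto] = hits.get(proto, 0) + 1
    return ("FAIL" if hits else "PASS"), hits

def build_frame(dst_ip, dport, proto=17):
    """Constructed sample frame (not captured traffic): Ethernet/IPv4/UDP."""
    g = socket.inet_aton(dst_ip)
    mac = b"\x01\x00\x5e" + bytes([g[1] & 0x7F]) + g[2:]  # IPv4 multicast MAC
    eth = mac + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, proto, 0,
                     socket.inet_aton("192.0.2.10"), g)
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return eth + ip + udp
```

Matching is on destination group and UDP port only, so other multicast traffic at the Customer port does not cause a failure.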

Reference

This test conforms to SEC Access Certification ID "SEC-V4-UPNP-1".

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • Customer: One or more customers that Malicious will affect.
  • ISP: A central node on a trusted port.