Some embodiments described herein relate to multicast routing, and denial-of-service (DoS) resistant multicasting.
Multicasting is a communication mechanism in which data is addressed to a group of compute devices (e.g., more than one compute device). A compute device to which multicast data is addressed is referred to herein as a recipient. A multicast address specifies the group of recipients and, optionally, parties that send data to the group of recipients. Routers, upon receiving data that includes a multicast address, can be operable to automatically and/or dynamically produce a multicast distribution tree by which the data is delivered to network segments that are in a path between a source (e.g., a compute device) and the recipients in the group. Such techniques can conserve network resources as compared to unicast or broadcast techniques, particularly when the group includes a large number of recipients. For example, such techniques can exclude routers and/or recipients that are not in a path between the source and the recipients and efficiently duplicate data when necessary to reach multiple recipients.
Known multicasting techniques are particularly vulnerable to DoS attacks. A malicious actor observing traffic over a multicast network can identify a multicast address and direct malicious traffic, which can include malformed packets that include the multicast address. Routers implementing known multicast protocols may pass this malicious traffic to downstream network nodes, which can have the effect of exacerbating the attack.
One known application of multicasting is in overlay hub-and-spoke networks, such as Internet Relay Chat (IRC) or Command and Control (C2) networks. Such networks may be overlaid on the global internet and are prone to failure. The hubs typically manage delivery membership of users and other hubs, so the loss of any spoke or hub can result in an extensive recovery procedure that may require users to “find” a new hub for service. In addition a large amount of retransmission may be required to re-sync the rejoining members. Because, the hubs, spokes, and the multicast addresses used to reach users of such a network are static and detectable by a malicious actor, such networks are vulnerable to DoS attacks, particularly distributed DoS (DDoS) attacks carried out by botnets.
Another application of multicasting is in mesh networks, such as those employed by Internet of Things (IoT) sensors and/or devices. When nodes of such a network receive a signal, they may replicate it to other nearby network nodes. When targeted by a malicious actor, such sensors and/or devices, which may be battery operated and/or have limited computational and/or network resources, may waste precious resources replaying malicious attack packets. A need therefore exists for DoS resistant multicast networks.