6. Security Considerations
PIM-SM has several security considerations that must be addressed in deployment.
6.1. Attacks Based on Forged Messages
6.1.1. Forged Link-Local Messages
PIM link-local messages (Hello, Join/Prune, Assert) are vulnerable to forgery by on-link attackers. Potential attacks include forged Hello messages to disrupt neighbor relationships, forged Join/Prune messages to manipulate tree state, and forged Assert messages to become the designated forwarder.
6.1.2. Forged Unicast Messages
Register and Register-Stop messages use unicast and are vulnerable to off-path attackers who can forge source addresses. This can lead to unauthorized traffic injection or denial of service.
6.2. Non-cryptographic Authentication Mechanisms
PIM can use non-cryptographic authentication mechanisms where link security is provided by other means (e.g., physical security, link-layer security).
6.3. Authentication
While RFC 4601 described IPsec authentication for PIM, this has been removed due to lack of deployment experience. Alternative authentication mechanisms should be considered based on deployment requirements.
6.4. Denial-of-Service Attacks
PIM is vulnerable to several DoS attacks: state explosion through Join floods, Register message floods to the RP, and Assert message storms on LANs. Rate limiting and access control should be implemented.
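An added example, not taken from RFC 7761 or from any PIM implementation: a receive-side sanity filter that applies the split in 6.1 between link-local and unicast messages and the access control recommended in 6.4. The header layout and type codes are those of PIMv2; the function names, the neighbor and ACL policy, and the sample messages built by `build` are assumptions of this example.

```python
import ipaddress
import struct

ALL_PIM_ROUTERS = ipaddress.ip_address("224.0.0.13")
HELLO, REGISTER, REGISTER_STOP, JOIN_PRUNE, ASSERT = 0, 1, 2, 3, 5
LINK_LOCAL = {HELLO, JOIN_PRUNE, ASSERT}

def inet_checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def covered(pkt, msg_type):
    # Register checksums cover only the first 8 bytes, not the encapsulated packet.
    return pkt[:8] if msg_type == REGISTER else pkt

def build(msg_type, body=b""):
    """Constructed sample PIMv2 message (version 2, valid checksum)."""
    pkt = bytes([0x20 | msg_type, 0, 0, 0]) + body
    return pkt[:2] + struct.pack("!H", inet_checksum(covered(pkt, msg_type))) + body

def check(pkt, src, dst, ttl, neighbors, allowed_drs, rp):
    """Return 'accept' or a drop reason. The policy is this example's assumption."""
    if len(pkt) < 4 or pkt[0] >> 4 != 2:
        return "drop: not PIMv2"
    msg_type = pkt[0] & 0x0F
    if inet_checksum(covered(pkt, msg_type)) != 0:
        return "drop: bad checksum"
    if msg_type in LINK_LOCAL:
        if ipaddress.ip_address(dst) != ALL_PIM_ROUTERS or ttl != 1:
            return "drop: link-local type not sent to ALL-PIM-ROUTERS with TTL 1"
        if msg_type != HELLO and src not in neighbors:
            return "drop: no Hello seen from sender"
        return "accept"
    # Unicast types: source ACLs are access control, not authentication;
    # they do not stop a sender that can spoof a permitted address.
    if msg_type == REGISTER:
        return "accept" if src in allowed_drs else "drop: Register source not permitted"
    if msg_type == REGISTER_STOP:
        return "accept" if src == rp else "drop: Register-Stop not from RP"
    return "drop: type not handled here"
```

The checksum and destination checks reject malformed or misdirected messages only; an on-link sender can still produce messages that pass them, which is why 6.2 and 6.3 matter.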
For detailed security analysis and mitigation strategies, see Section 6 of RFC 7761.