IGMP

This category includes the IGMP protocol.

IGMP is used by hosts and routers to dynamically register and discover multicast group membership. Attacks on the IGMP protocol usually target a vulnerability in the multicast routing software/hardware used, by sending specially crafted IGMP packets.

You can configure how IGMP attacks should be handled.

IGMP Fields

In this field…	Do this…
Action	Specify what action to take when an IGMP attack occurs, by selecting one of the following: Block. Block the attack. This is the default. None. No action.
Track	Specify whether to log IGMP attacks, by selecting one of the following: Log. Log the attack. This is the default. None. Do not log the attack.
Enforce IGMP to multicast addresses	According to the IGMP specification, IGMP packets must be sent to multicast addresses. Sending IGMP packets to a unicast or broadcast address might constitute and attack; therefore the Safe@Office appliance blocks such packets. Specify whether to allow or block IGMP packets that are sent to non-multicast addresses, by selecting one of the following: Block. Block IGMP packets that are sent to non-multicast addresses. This is the default. None. No action.

In this field…

Do this…

Action

Specify what action to take when an IGMP attack occurs, by selecting one of the following:

Block. Block the attack. This is the default.
None. No action.

Track

Specify whether to log IGMP attacks, by selecting one of the following:

Log. Log the attack. This is the default.
None. Do not log the attack.

Enforce IGMP to multicast addresses

According to the IGMP specification, IGMP packets must be sent to multicast addresses. Sending IGMP packets to a unicast or broadcast address might constitute and attack; therefore the Safe@Office appliance blocks such packets.

Specify whether to allow or block IGMP packets that are sent to non-multicast addresses, by selecting one of the following:

Block. Block IGMP packets that are sent to non-multicast addresses. This is the default.
None. No action.