
Re: MBone

2002-09-12 13:24:04
Kevin C. Almeroth wrote:
but consider: once you start running a
multicast session over the Internet, anybody who's within the TTL range
can intercept it.

Same with UDP traffic.  Same with TCP traffic.

No, those can be intercepted only by tricking the routers.  Multicast
specifically permits anyone to pick up the traffic just by asking for it.

First point:  not necessarily.

It only requires being on a non-IGMP'd switch or a hub; at that point,
you can snoop the traffic and see any packet going to any multicast group.

It's much harder to snoop UDP; for non-broadcast, you'd have to be
in-line (on the wire, effectively) or on a hub. While hubs are becoming
less common, they're often being replaced with cheaper non-IGMP-capable
switches. Which means that they're still hubs, as far as multicast
traffic is concerned.

Second point:  as long as you know the group address.  With large volumes of
multicast traffic out there you also have a nice 28-bit key, i.e. it is
now infeasible for a host to join every group and expect not to be overwhelmed
with large amounts of traffic.

If no other host/router on your LAN is attached to the group, OR if the
switch you're on is IGMP-capable, then yes, you have a 28-bit key.

Alternately, if you're on a non-IGMP'd switch or a hub, and someone else
on the LAN is a member of the group, then you don't have a 28-bit key.
You can snoop and see the list of addresses in use, a much smaller set.

Finally, there are rules that hint at how to use subsets of addresses
for different uses (notably different scopes), e.g., RFC2365, a BCP.
That makes finding the 'needle in the haystack' much easier, e.g., if
you're hunting for teleconferencing, unless overrides are used, the
space is 15 bits, not 28.

Joe
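
Added example, not part of the original message: a toy model of the exposure difference described above between a switch that floods multicast and one that does IGMP snooping. The `Switch` class, port numbers and group addresses are constructed for illustration and are not a real switch API.

```python
# Toy model (constructed) of L2 forwarding for IPv4 multicast frames.
# Simplification: real IGMP snooping also floods 224.0.0.0/24 and always
# forwards to router ports; neither is modelled here.
from ipaddress import IPv4Address


class Switch:
    def __init__(self, ports, igmp_snooping):
        self.ports = set(ports)
        self.igmp_snooping = igmp_snooping
        self.members = {}  # group -> ports that sent an IGMP membership report

    def igmp_report(self, port, group):
        """Record a membership report (a join) seen on `port`."""
        group = IPv4Address(group)
        if not group.is_multicast:
            raise ValueError(f"{group} is not in 224.0.0.0/4")
        self.members.setdefault(group, set()).add(port)

    def egress_ports(self, ingress, group):
        """Ports a frame addressed to `group` is sent out of."""
        if self.igmp_snooping:
            out = self.members.get(IPv4Address(group), set())
        else:
            out = self.ports  # no snooping: multicast is flooded like broadcast
        return set(out) - {ingress}


def groups_visible(switch, port, traffic):
    """Groups a host on `port` receives without having joined anything."""
    return {g for ingress, g in traffic if port in switch.egress_ports(ingress, g)}


# Constructed sample: router uplink on port 1, a group member on port 2,
# and a host on port 3 that has joined nothing.
JOINED = ["224.2.130.7", "239.255.1.9"]
TRAFFIC = [(1, g) for g in JOINED]  # the router only forwards joined groups


def demo(igmp_snooping):
    sw = Switch(ports=[1, 2, 3], igmp_snooping=igmp_snooping)
    for g in JOINED:
        sw.igmp_report(2, g)
    return groups_visible(sw, 3, TRAFFIC)


if __name__ == "__main__":
    print("flooding switch, port 3 sees:", sorted(demo(False)))
    print("IGMP snooping,   port 3 sees:", sorted(demo(True)))
```

Without snooping, port 3 receives both groups that port 2 joined, so the set of addresses in use on the LAN is directly observable; with snooping it receives neither.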


