The Good News

- Scope of Nasty Problem is not so bad
  - A must be on path from S to T
  - T must be in scope of any address filtering from C to S
    - Including NATs
  - Result: snooping access LAN, can only DoS someone on the LAN
- Spec defines some heuristics for client to detect this case
  - Duplicate responses
  - Inconsistent responses
  - They are just heuristics
- Spec recommends security in app protocol
  - SRTP for example
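The two client-side heuristics above (duplicate responses, inconsistent responses), as an added example that is not taken from the slide or the spec. It assumes each response carries a transaction ID and a reported address; the field names, the 10-second listening window and the sample data are assumptions of this sketch.

```python
from collections import defaultdict
from typing import NamedTuple

class Response(NamedTuple):
    """Response fields this sketch relies on (names are assumptions)."""
    t: float        # arrival time in seconds
    txid: str       # transaction ID echoed from the client's request
    mapped: tuple   # (ip, port) the response reports as the client's address

LISTEN_WINDOW = 10.0  # assumed: seconds the client keeps listening after the first response

def findings_by_transaction(responses, window=LISTEN_WINDOW):
    """Map each txid to a sorted list of heuristic findings (empty list = none)."""
    groups = defaultdict(list)
    for r in sorted(responses):          # NamedTuple ordering puts arrival time first
        groups[r.txid].append(r)
    out = {}
    for txid, group in groups.items():
        first = group[0].t
        seen = [r for r in group if r.t - first <= window]
        flags = set()
        if len(seen) > 1:
            flags.add("duplicate-response")
        if len({r.mapped for r in seen}) > 1:
            flags.add("inconsistent-response")
        out[txid] = sorted(flags)
    return out

def accept_mapped_address(responses, txid, window=LISTEN_WINDOW):
    """Return the reported address only when the transaction raised no finding."""
    if findings_by_transaction(responses, window).get(txid) != []:
        return None
    return next(r.mapped for r in responses if r.txid == txid)

# Constructed sample input (documentation addresses, made-up transaction IDs).
SAMPLE = [
    Response(0.020, "tx-01", ("192.0.2.10", 40000)),   # single answer
    Response(0.021, "tx-02", ("192.0.2.10", 40001)),
    Response(0.030, "tx-02", ("192.0.2.10", 40001)),   # same answer twice
    Response(0.019, "tx-03", ("198.51.100.7", 5004)),
    Response(0.024, "tx-03", ("192.0.2.10", 40002)),   # two different answers
]

if __name__ == "__main__":
    for txid, flags in findings_by_transaction(SAMPLE).items():
        print(txid, flags or "no finding", accept_mapped_address(SAMPLE, txid))
```

A transaction with exactly one response raises no finding whether or not that response is genuine, which is why these remain heuristics and the slide points to security in the application protocol.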