

Notes:

Security issues related to the MBONE fall under three broad categories: privacy, net flooding, and unauthorized access.

Privacy: you may wish to hold a conference on the MBONE whose content only invited participants can view. This can be achieved with standard encryption and user authentication methods, for which the RTP protocol makes provision. Current MBONE applications such as vic and vat already provide this kind of privacy.

Net Flooding: When you connect to the MBONE, you set yourself up to potentially receive a lot of network traffic. Attackers could be tempted to dump packets onto a multicast group simply because they dislike its participants. Using routers or mrouted, the total multicast traffic can be limited so that it does not saturate your network, but such a cap only lets the attackers deny legitimate use while they hog the available bandwidth: a shared limit does not distinguish a legitimate sender from a flooder. Bandwidth limiting schemes that involve user authentication are sorely needed. Note that you cannot be flooded if you are not participating in a multicast group, since the packets will not be forwarded to you; but once you do participate, you are open to this kind of attack. New algorithms and protocols are in the works to deal with this.
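The following simulation is an added example, not part of the original slide notes or of mrouted. It models the point made above: a token-bucket cap shared by everyone on a link keeps the link from saturating, yet a flooder who fills the cap still starves the legitimate sender; a second function shows how a per-sender limit (which in practice requires an authenticated notion of "sender", since multicast source addresses are easily forged) lets the legitimate stream through. The traffic, rates and packet sizes are constructed for illustration, not measurements.

```python
"""Shared versus per-sender rate limiting on a multicast link (constructed example)."""
from collections import Counter


class TokenBucket:
    """Classic token bucket: refills at `rate` bytes/second, holds at most `capacity`."""

    def __init__(self, rate: float, capacity: float) -> None:
        self.rate = rate
        self.capacity = capacity
        self.tokens = capacity
        self.last = 0.0

    def allow(self, now: float, size: int) -> bool:
        # Refill in proportion to elapsed time, never above capacity; packets
        # must arrive in time order for this to be correct.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


def make_traffic(duration_s: float, legit_pps: int, flood_pps: int, size: int = 1000):
    """Constructed packet stream: (time, sender, size), merged and time-sorted.
    A legitimate sender at `legit_pps` and a flooder at `flood_pps`, same packet size."""
    pkts = []
    for pps, who in ((legit_pps, "legit"), (flood_pps, "flooder")):
        for i in range(int(duration_s * pps)):
            pkts.append((i / pps, who, size))
    pkts.sort()
    return pkts


def forward_with_shared_limit(pkts, rate_bps: float, burst_bytes: float) -> Counter:
    """One bucket for the whole link: caps total traffic, but whoever sends
    fastest consumes the tokens. Returns accepted packet counts per sender."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    accepted = Counter()
    for t, who, size in pkts:
        if bucket.allow(t, size):
            accepted[who] += 1
    return accepted


def forward_with_per_sender_limit(pkts, rate_bps: float, burst_bytes: float) -> Counter:
    """One bucket per sender identity (assumed authenticated here; a plain
    source IP would not do, since the flooder can spoof it)."""
    buckets = {}
    accepted = Counter()
    for t, who, size in pkts:
        bucket = buckets.setdefault(who, TokenBucket(rate_bps, burst_bytes))
        if bucket.allow(t, size):
            accepted[who] += 1
    return accepted


if __name__ == "__main__":
    # 10 s of traffic: legit sends 10 pps, flooder 1000 pps, 1000-byte packets.
    stream = make_traffic(10.0, legit_pps=10, flood_pps=1000)
    # Link cap of 100 kB/s with a 10 kB burst, shared by both senders.
    print("shared limit    :", dict(forward_with_shared_limit(stream, 100_000, 10_000)))
    # Same link, but each authenticated sender gets its own 50 kB/s share.
    print("per-sender limit:", dict(forward_with_per_sender_limit(stream, 50_000, 5_000)))
```

Under the shared cap almost every accepted packet belongs to the flooder, even though the legitimate sender only needs 10 kB/s of the 100 kB/s link; with a per-sender share all 100 legitimate packets get through while the flooder is held to its own allotment.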

The final security risk is that of unauthorized access. Some Unix hosts and all Windows hosts treat received multicast packets just like unicast packets addressed to them (this has been fixed in most versions of Unix, and a fix will be released soon for Windows): a service bound to the wildcard address accepts a datagram arriving on its port regardless of the destination address it was sent to. Therefore, services at well-known port numbers may be reached via multicast packets even when they are inaccessible to the outside world via unicast. This can easily be handled by filtering out multicast traffic to the known (low) port numbers. Because there are so few multicast applications in circulation, and the most common ones are safe, unauthorized access is not a major concern today. However, as multicast applications proliferate, more robust solutions for preventing unauthorized access will be required.
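As an added example (not code from the original notes, nor from mrouted or any router vendor), the following Python implements the low-port filter described above as a standalone decision function over raw IPv4/UDP datagrams: it parses the IP and UDP headers, and drops a datagram only when the destination is a multicast group (224.0.0.0/4) and the destination port is in the well-known range (0-1023). Unicast traffic and multicast traffic to high ports, such as a vat or vic session, pass this rule untouched. The sample packets are constructed inline with zero checksums; the addresses and ports are illustrative assumptions.

```python
"""Drop multicast datagrams aimed at well-known UDP ports (constructed example)."""
import ipaddress
import struct

MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")
WELL_KNOWN_PORT_MAX = 1023      # IANA well-known range is 0..1023
PROTO_UDP = 17
IPV4_HDR = "!BBHHHBBH4s4s"      # ver/ihl, tos, len, id, frag, ttl, proto, csum, src, dst
UDP_HDR = "!HHHH"               # sport, dport, length, csum


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4+UDP datagram for testing the filter.
    Checksums are left zero: this is test data, not something to put on a wire."""
    udp_len = 8 + len(payload)
    udp = struct.pack(UDP_HDR, sport, dport, udp_len, 0) + payload
    ip = struct.pack(
        IPV4_HDR, 0x45, 0, 20 + udp_len, 0, 0, 64, PROTO_UDP, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return ip + udp


def parse_ipv4(pkt: bytes):
    """Return (dst_address, protocol, header_length) or None if not a sane IPv4 header."""
    if len(pkt) < 20:
        return None
    ver_ihl, _tos, _total, _id, _frag, _ttl, proto, _csum, _src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return ipaddress.ip_address(dst), proto, ihl


def should_forward(pkt: bytes) -> bool:
    """The notes' rule: multicast destination AND well-known UDP port -> drop.
    Malformed or truncated packets are dropped too (a filter should fail closed);
    non-UDP IPv4 traffic is outside the scope of this port rule and passes."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return False
    dst, proto, ihl = parsed
    if proto != PROTO_UDP:
        return True
    if len(pkt) < ihl + 8:
        return False
    _sport, dport, _ulen, _ucsum = struct.unpack(UDP_HDR, pkt[ihl:ihl + 8])
    return not (dst in MULTICAST_NET and dport <= WELL_KNOWN_PORT_MAX)


# Constructed sample traffic (addresses and ports are illustrative assumptions).
SAMPLE_PACKETS = [
    ("vat audio to a session group, high port", build_ipv4_udp("192.0.2.10", "224.2.1.1", 4444, 4444, b"rtp")),
    ("multicast probe of SNMP (161) on every listener", build_ipv4_udp("198.51.100.7", "224.2.1.1", 40000, 161, b"snmp")),
    ("multicast probe of portmapper (111)", build_ipv4_udp("198.51.100.7", "224.2.1.1", 40001, 111, b"rpc")),
    ("ordinary unicast to port 111, left to the unicast firewall", build_ipv4_udp("192.0.2.10", "192.0.2.20", 40002, 111, b"rpc")),
    ("truncated datagram, IP header only", build_ipv4_udp("192.0.2.10", "224.2.1.1", 4444, 4444, b"rtp")[:20]),
]


def apply_filter(samples=SAMPLE_PACKETS):
    """Run the rule over the samples; returns the forward/drop decision per packet."""
    return [should_forward(pkt) for _label, pkt in samples]


if __name__ == "__main__":
    for (label, _pkt), ok in zip(SAMPLE_PACKETS, apply_filter()):
        print("FORWARD" if ok else "DROP   ", label)
```

Whether the rule belongs on the multicast router or on the receiving host is a deployment choice; the notes recommend the router, where mrouted or a router's access list would carry the equivalent of `should_forward`. Note that the rule deliberately lets unicast to port 111 through, since protecting unicast-reachable services is the ordinary firewall's job.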