Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ebgp-multihop

  • From: Stewart, William C (Bill), SALES
  • Date: Fri Feb 28 17:57:00 2003

I'm assuming that the reason Tim's asking about 
setting TTLs to numbers like 255 is because he wants to use the
BGP TTL Security Hack to protect against BGP DDOS attacks.
The hack works by setting TTL to a very high value,
and ACL-discarding any BGP packets that don't have TTLs >= ~254,
because it's very hard to fake TTLs, especially from far away.

http://www.ietf.org/internet-drafts/draft-gill-btsh-01.txt
http://www.nanog.org/mtg-0302/hack.html - Dave Meyer's Abstract
http://www.nanog.org/mtg-0302/ppt/meyer.pdf - Dave Meyer's Talk.
	(Hmmm.. Dave's abstract says he's at Sprint and U of Oregon
	Tim is at Oregon Health Sciences University.)

The internet-draft and Dave's talk both say that for multi-hop
you need to set the ACL thresholds a hop or two lower (obviously),
which expands the set of people who might be able to inject hostile packets,
but it's still pretty tightly contained.

		Bill Stewart
			bill.stewart@pobox.com




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.