[nsp] BGP TTL Security Check
Roger
grunky at rockriver.net
Sat Apr 24 12:53:41 EDT 2004
Gert Doering wrote:
>>192.168.0.1, w/ a ttl of say 20 is perfectly fine, even though we'd know
>>that can't be true because the TTL is just way too high for an IP address
>>in the same subnet.
>>
>>
>
>The other way around. A *low* TTL is very easy to achieve for a spoofing
>sender. But it's impossible to get a *high* TTL spoofed.
>
>
Ok thanks Gert - the problem spawned from the fact that I thought IP
packets going to hosts in the same subnet should have low TTLs as
they're not going to be routed anyway..
If packets being sent, even to hosts on the same subnet, have a TTL of
255 for starters then yes - the docs make a bit more sense.
--
Rock River Internet Roger Grunkemeyer
202 W. State St, 8th Floor grunky at rockriver.net
Rockford, IL 61101 815-968-9888 x101
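
Added example (not part of the original message or of any vendor's code): a small model of the point made in the thread, comparing a hypothetical "expect a low TTL" check with the high-TTL check for senders that sit one or more router hops away. The function names, the `limit` and `allowed_hops` parameters and the 30-hop survey range are assumptions made for the illustration.

```python
MAX_TTL = 255  # largest value the 8-bit IP TTL field can hold


def arrival_ttl(initial_ttl, router_hops):
    """TTL the receiver sees, or None if the packet expired in transit.

    Each router on the path decrements the TTL by one and drops the
    packet once it reaches zero.
    """
    ttl = initial_ttl - router_hops
    return ttl if ttl > 0 else None


def low_ttl_policy(ttl, limit=1):
    """Hypothetical naive check: accept only 'local-looking' low TTLs."""
    return ttl <= limit


def high_ttl_policy(ttl, allowed_hops=0):
    """High-TTL check: accept only packets with TTL >= 255 - allowed_hops."""
    return ttl >= MAX_TTL - allowed_hops


def spoofable_from(policy, router_hops):
    """Initial TTLs a sender `router_hops` routers away can pick to pass `policy`."""
    winners = []
    for initial in range(1, MAX_TTL + 1):
        seen = arrival_ttl(initial, router_hops)
        if seen is not None and policy(seen):
            winners.append(initial)
    return winners


def survey(policy, max_distance=30):
    """For each remote distance, count the initial TTLs that pass `policy`."""
    return {d: len(spoofable_from(policy, d)) for d in range(1, max_distance + 1)}


if __name__ == "__main__":
    # A remote sender can always land on a low TTL by choosing hops + 1 ...
    print("low-TTL check, 5 hops away :", spoofable_from(low_ttl_policy, 5))
    # ... but cannot start above 255, so it can never arrive with 255.
    print("high-TTL check, 5 hops away:", spoofable_from(high_ttl_policy, 5))
    print("high-TTL check, on-link    :", spoofable_from(high_ttl_policy, 0))
```
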