[j-nsp] TTL value check

Stephen Gill gillsr at yahoo.com
Mon Mar 3 10:45:55 EST 2003

Barring the cynicism I'd agree :D.

-- steve

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Richard A
Sent: Monday, March 03, 2003 10:29 AM
To: Nicolas Fevrier
Cc: juniper at groupstudy.com; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] TTL value check

On Mon, Mar 03, 2003 at 11:47:36AM +0100, Nicolas Fevrier wrote:
> Hi,
> I'm trying to figure out how a Juniper can check 
> a TTL value in the "firewall filter from" statement.
> (in order to test the feasibility of some recommandations 
> from the BGP TTL Security Hack (BTSH) IETF draft).
> http://www.ietf.org/internet-drafts/draft-gill-btsh-01.txt
> I searched on jnpr web site and didn't find anything relevant :
> l/firewall-config11.html

Filtering packets by TTL would be useful, therefore it is currently not 

Another thing that is not supported, a simple match criteria where you
specify the offset into the packet, the size of the word (8, 16, and 32
bit would be plenty fine), and the value you want to match. This would
too useful in filtering DoS, so of course it can't be done.

Richard A Steenbergen <ras at e-gerbil.net>
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1
juniper-nsp mailing list juniper-nsp at puck.nether.net

More information about the juniper-nsp mailing list