nanog mailing list archives
RE: BGP TTL check in 12.3(7)T
From: Tony Li <tony.li () tony li>
Date: Thu, 08 Apr 2004 13:04:59 -0700
I am not sure that 254 is a good maximum number. Perhaps someone "in the know" can enlighten all of us as to why they chose to stop at 254 instead of 255.
I can think of at least one vendor who decremented TTL prior to letting the packet come up to the RP. Further, the same vendor would drop the packet on the line card when the TTL went to zero, so the RP never got a chance to see it.

I suspect that there are no other routers out there that do this today, but unless all vendors are willing to stand up and say that they deal with such things properly today, this is a possible issue. Allowing 254 gives some slack and doesn't open the window significantly. If someone were to use this to attack, then at the very worst, they are one hop away from an EBGP speaker. I suspect that this will make them relatively easy to track down.

If folks do feel that this is a significant issue, then some operator who is both motivated about this and about to write a big check should poll his favorite router vendors and see if they all comply and then report back.

Tony
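Added example, not part of the original message and not any vendor's code: a small model of the TTL check discussed above, run over constructed IPv4/TCP headers, showing how far away a sender that sets TTL 255 can be and still pass with a minimum of 254 versus 255, on a platform that does or does not decrement TTL before the RP sees the packet. The function names, the accept-if-TTL-is-at-least-the-minimum rule and the sample addresses are assumptions made for illustration.

```python
import struct

BGP_PORT = 179
IPPROTO_TCP = 6

def build_packet(ttl, sport, dport, proto=IPPROTO_TCP):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus TCP ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, ttl, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!HH", sport, dport)

def ttl_check(packet, min_ttl=254, linecard_decrements=False):
    """Return 'accept', 'drop' or 'not-bgp' for one packet (assumed model)."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]     # TTL and protocol fields
    if proto != IPPROTO_TCP or len(packet) < ihl + 4:
        return "not-bgp"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if BGP_PORT not in (sport, dport):
        return "not-bgp"
    if linecard_decrements:
        # Behaviour described in the message: TTL is decremented before the
        # RP sees the packet, and the line card drops it if it reaches zero.
        ttl -= 1
        if ttl <= 0:
            return "drop"
    return "accept" if ttl >= min_ttl else "drop"

def farthest_accepted(min_ttl, linecard_decrements):
    """Most intermediate routers a TTL-255 sender can sit behind and still pass.

    0 means only a directly connected sender passes; None means even the
    directly connected peer is rejected.
    """
    best = None
    for routers in range(0, 255):
        pkt = build_packet(255 - routers, 40000, BGP_PORT)
        if ttl_check(pkt, min_ttl, linecard_decrements) == "accept":
            best = routers
    return best

if __name__ == "__main__":
    for min_ttl in (255, 254):
        for dec in (False, True):
            print(min_ttl, dec, farthest_accepted(min_ttl, dec))
```

In this model a minimum of 255 on a decrementing platform rejects even the directly connected peer, while a minimum of 254 admits a sender at most one router away on a platform that does not decrement.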