Generalized TTL security mechanism
| This article is an orphan, as few or no other articles link to it. Please introduce links to this page from related articles; suggestions are available. (February 2009) |
The Generalized TTL Security Mechanism (GTSM) is a proposed Internet data transfer security method relying on a packet's Time to Live (IPv4) or Hop limit (IPv6) thus to protect a protocol stack from an attack of packets sent in rapid succession.
Introduction
The desired purpose of this proposal is to protect router infrastructure from overload-based attacks.
Implementation
For protocols which GTSM is enabled, the following procedure is performed.
- If the router is directly connected
- Change the outbound TTL to 255 for its protocol connection
- If the protocol is a configured protocol peer
Set the Active Control List (ACL) to allow packets of the given protocol to only pass to the route processor (RP). The TTL must be set to either 255 if the destination is directly connect or 255 minus the range of acceptable hops if not connect directly. This method assumes however that the ACL designated by the receive path is configured to control packets passing to the RP.
- If the inbound TTL is set to 255 or 255 minus the range of acceptable hops (when the peer is not directly connected), the packet will not be processed and will be sent to a low priority queue.
History
Many people have been given credit for creating the idea. Among them are Paul Traina and John Stewart. A similar method was also proposed by Ryan McDowell.
See also
External links
- The Generalized TTL Security Mechanism (GTSM), RFC 5082
If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...
