[56228] in North American Network Operators' Group
Re: ebgp-multihop
daemon@ATHENA.MIT.EDU (Stewart, William C (Bill), SALES)
Fri Feb 28 17:55:38 2003
Date: Fri, 28 Feb 2003 17:54:52 -0500
From: "Stewart, William C (Bill), SALES" <billstewart@att.com>
To: <nanog@trapdoor.merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
I'm assuming that the reason Tim's asking about
setting TTLs to numbers like 255 is because he wants to use the
BGP TTL Security Hack to protect against BGP DDOS attacks.
The hack works by setting TTL to a very high value,
and ACL-discarding any BGP packets that don't have TTLs >= ~254,
because it's very hard to fake TTLs, especially from far away.
http://www.ietf.org/internet-drafts/draft-gill-btsh-01.txt
http://www.nanog.org/mtg-0302/hack.html - Dave Meyer's Abstract
http://www.nanog.org/mtg-0302/ppt/meyer.pdf - Dave Meyer's Talk.
(Hmmm.. Dave's abstract says he's at Sprint and U of Oregon
Tim is at Oregon Health Sciences University.)
The internet-draft and Dave's talk both say that for multi-hop
you need to set the ACL thresholds a hop or two lower (obviously),
which expands the set of people who might be able to inject hostile packets,
but it's still pretty tightly contained.
Bill Stewart
bill.stewart@pobox.com
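The TTL check Bill describes, worked through as an added simulation. This is not code from the post, from the draft it cites (draft-gill-btsh, later standardised as GTSM in RFC 3682/5082) or from any router vendor; it assumes that a GTSM-enabled speaker sends every BGP packet with TTL 255 and that each router forwarding a packet decrements the TTL by exactly one. The "trust radius" below is the number of routers a legitimate peer's packets may cross, so the post's approximate "~254" threshold corresponds to a radius of one, and the multihop case lowers the threshold by one per extra router, which is exactly why the set of hosts that could inject packets grows. The topology and addresses in `demo()` are constructed for the example.

```python
"""
Simulation of TTL-based BGP packet filtering (GTSM). Added example, not code
from the post, the cited draft, or a router vendor. Assumes speakers send with
TTL 255 and every forwarding router decrements the TTL by one.
"""
from dataclasses import dataclass
from typing import Dict, Optional

MAX_TTL = 255  # what a GTSM-enabled speaker sets on every BGP packet it sends


@dataclass(frozen=True)
class Packet:
    src: str  # source address as seen on the wire (may be spoofed)
    ttl: int  # TTL on arrival at the filtering router


def send(src: str, initial_ttl: int, routers_in_path: int) -> Optional[Packet]:
    """Originate a packet with initial_ttl and carry it across routers_in_path
    forwarding routers, each of which decrements the TTL. Returns None when the
    packet expires in transit."""
    ttl = initial_ttl - routers_in_path
    if ttl <= 0:
        return None
    return Packet(src, ttl)


def min_ttl(trust_radius: int) -> int:
    """Lowest TTL the filter tolerates for a peer whose packets legitimately
    cross trust_radius routers: 255 for a directly connected peer, one less
    per extra router on the path."""
    if not 0 <= trust_radius < MAX_TTL:
        raise ValueError("trust radius must be between 0 and 254")
    return MAX_TTL - trust_radius


def accept(pkt: Optional[Packet], peers: Dict[str, int]) -> bool:
    """The ACL half of the hack: keep a packet only if its source is a
    configured peer AND its TTL is at least min_ttl for that peer's radius."""
    if pkt is None or pkt.src not in peers:
        return False
    return pkt.ttl >= min_ttl(peers[pkt.src])


def demo() -> Dict[str, bool]:
    # Constructed topology (an assumption, not from the post):
    #   192.0.2.1     directly connected eBGP peer, 0 routers in between
    #   198.51.100.1  multihop eBGP peer, 2 routers in between
    peers = {"192.0.2.1": 0, "198.51.100.1": 2}
    return {
        "direct peer": accept(send("192.0.2.1", MAX_TTL, 0), peers),
        "multihop peer": accept(send("198.51.100.1", MAX_TTL, 2), peers),
        # peer reached over a path one router longer than the configured radius
        "multihop peer +1 hop": accept(send("198.51.100.1", MAX_TTL, 3), peers),
        # spoofed source 12 routers away: even TTL 255 at origin arrives as 243
        "spoof from 12 hops": accept(send("198.51.100.1", MAX_TTL, 12), peers),
        # spoofed source inside the multihop peer's radius (1 router away):
        # this is the expanded exposure the post mentions for multihop
        "spoof from 1 hop": accept(send("198.51.100.1", MAX_TTL, 1), peers),
        # unconfigured source with a fine TTL: rejected by the address part
        "unknown source": accept(send("203.0.113.9", MAX_TTL, 0), peers),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:24s} {'accept' if ok else 'drop'}")
```

The filter's strength is that a TTL can only go down in transit, so a sender more than `trust_radius` routers away cannot make its packets arrive with a high enough value no matter what it puts in the header; the price of multihop peering is that every host within the radius passes the TTL test and must be excluded by the source-address match and the usual infrastructure ACLs. Later router software implemented the same check natively (for example Cisco IOS `neighbor <addr> ttl-security hops <n>`) rather than as a hand-written ACL.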