[69368] in North American Network Operators' Group


RE: BGP TTL check in 12.3(7)T

daemon@ATHENA.MIT.EDU (Tony Li)
Thu Apr 8 16:07:15 2004

Date: Thu, 08 Apr 2004 13:04:59 -0700
To: "Blaine Christian" <blaine.christian@mci.com>,
	"'Iljitsch van Beijnum'" <iljitsch@muada.com>,
	"'Hank Nussbacher'" <hank@att.net.il>
From: Tony Li <tony.li@tony.li>
Cc: <nanog@merit.edu>
In-Reply-To: <002601c41d98$9b88ba00$948d2799@mcilink.com>
Errors-To: owner-nanog-outgoing@merit.edu

>I am not sure that 254 is a good maximum number.  Perhaps someone "in the
>know" can enlighten all of us as to why they chose to stop at 254 instead of
>255.
I can think of at least one vendor who decremented TTL prior to letting the packet come up to the RP.  Further, the same vendor would drop the packet on the line card when the TTL went to zero, so the RP never got a chance to see it.

I suspect that there are no other routers out there that do this today, but unless all vendors are willing to stand up and say that they deal with such things properly today, this is a possible issue.  Allowing 254 gives some slack and doesn't open the window significantly.  If someone were to use this to attack, then at the very worst, they are one hop away from an EBGP speaker.  I suspect that this will make them relatively easy to track down.

If folks do feel that this is a significant issue, then some operator who is both motivated about this and about to write a big check should poll his favorite router vendors and see if they all comply and then report back.

Tony
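
An added example, not part of Tony's message, that works through the TTL arithmetic behind the 254 threshold as a GTSM-style (RFC 5082) minimum-TTL check. The receiver's "decrements before punt" flag, the line-card drop of TTL-0 packets, and the hop counts are assumptions used for illustration.

```python
# Added illustration of a GTSM-style (RFC 5082) BGP TTL check; not code from the
# post. It models Tony's scenario: the sender sets TTL 255, each forwarding hop
# decrements it, and an assumed platform quirk decrements once more before the
# packet is punted to the route processor (RP), dropping TTL-0 packets on the
# line card so the RP never sees them.
from dataclasses import dataclass
from typing import Optional

INITIAL_TTL = 255  # what a GTSM-aware BGP speaker sets on its own packets


@dataclass(frozen=True)
class Receiver:
    name: str
    decrements_before_punt: bool = False  # assumed vendor quirk from the post


def ttl_seen_by_rp(path_hops: int, rx: Receiver) -> Optional[int]:
    """TTL the RP observes, or None if the line card dropped the packet.
    path_hops = forwarding hops between the peers (0 for a directly connected EBGP neighbour)."""
    ttl = INITIAL_TTL - path_hops  # one decrement per intermediate hop
    if rx.decrements_before_punt:
        ttl -= 1  # extra decrement before the packet reaches the RP
    return ttl if ttl > 0 else None  # TTL 0 is dropped on the line card


def gtsm_accept(received_ttl: Optional[int], min_ttl: int) -> bool:
    """Accept only packets whose TTL is at least the configured minimum."""
    return received_ttl is not None and received_ttl >= min_ttl


def session_outcome(path_hops: int, rx: Receiver, min_ttl: int) -> str:
    ttl = ttl_seen_by_rp(path_hops, rx)
    if ttl is None:
        return "dropped-on-linecard"
    return "accepted" if gtsm_accept(ttl, min_ttl) else "rejected"


if __name__ == "__main__":
    plain, quirky = Receiver("plain"), Receiver("quirky", decrements_before_punt=True)
    for min_ttl in (255, 254):
        print(f"min-ttl {min_ttl}: direct peer on quirky box ->",
              session_outcome(0, quirky, min_ttl),
              "| one hop away ->", session_outcome(1, plain, min_ttl),
              "| two hops away ->", session_outcome(2, plain, min_ttl))
```

With the minimum at 255 the quirky platform wrongly rejects its directly connected peer; at 254 that peer is accepted and the only extra exposure is a sender one hop away, exactly the slack the message describes.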