The Generalized TTL Security Mechanism (GTSM) (RFC3682)

IP.com Disclosure Number: IPCOM000021966D
Original Publication Date: 2004-Feb-01
Included in the Prior Art Database: 2004-Feb-18
Document File: 12 page(s) / 23K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

V. Gill: AUTHOR (3 further related people not shown in this record)

Abstract

The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to protect a protocol stack from CPU-utilization based attacks has been proposed in many settings (see for example, RFC 2461). This document generalizes these techniques for use by other protocols such as BGP (RFC 1771), Multicast Source Discovery Protocol (MSDP), Bidirectional Forwarding Detection, and Label Distribution Protocol (LDP) (RFC 3036). While the Generalized TTL Security Mechanism (GTSM) is most effective in protecting directly connected protocol peers, it can also provide a lower level of protection to multi-hop sessions. GTSM is not directly applicable to protocols employing flooding mechanisms (e.g., multicast), and use of multi-hop GTSM should be considered on a case-by-case basis.
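The mechanism the abstract describes, worked through as an added Python example (not code from RFC 3682 or from this page): the sender emits its control-plane packets with the maximum TTL / Hop Limit of 255, and the receiver drops anything whose TTL has fallen below 255 minus the number of hops it is willing to trust. Because the field is 8 bits wide and every router on a plain IP path decrements it, a packet originated N routers away cannot arrive with more than 255 - N whatever the attacker sets, which is what makes the check robust for directly connected peers and progressively weaker for multi-hop sessions. The 255 / exact-match procedure is RFC 3682 section 3, which this abbreviated excerpt does not reproduce; the addresses, hop counts and tunnel case below are constructed, and the tunnel case illustrates the section 5.2 caveat that IP-in-IP and IP-in-MPLS encapsulation carries the inner TTL across transit routers unchanged.

```python
"""GTSM receive-side check as a pure-Python simulation.

Added example; not code from RFC 3682 or from this IP.com page. The check
follows the RFC 3682 procedure (section 3, not reproduced in this excerpt):
the sender emits its control-plane packets with TTL / Hop Limit 255 and the
receiver accepts only packets whose TTL still lies within
[255 - trusted_hops, 255]. Hosts, hop counts and the tunnel are constructed.
"""
from dataclasses import dataclass

MAX_TTL = 255  # TTL and Hop Limit are 8-bit fields: nobody can send more


@dataclass(frozen=True)
class Packet:
    src: str
    ttl: int  # IPv4 TTL or IPv6 Hop Limit; GTSM treats them identically

    def __post_init__(self) -> None:
        if not 0 <= self.ttl <= MAX_TTL:
            raise ValueError(f"TTL {self.ttl} is not representable in 8 bits")


def forward(pkt: Packet, hops: int, tunneled: bool = False) -> Packet:
    """Deliver pkt across `hops` routers to the GTSM-protected receiver.

    Plain forwarding decrements the TTL once per router, so a packet
    originated N hops away cannot arrive with more than 255 - N.
    A tunnel (IP-in-IP, IP-in-MPLS) carries the inner header opaquely, so
    transit routers decrement only the outer header: the inner TTL the
    receiver inspects is untouched (the bypass RFC 3682 section 5.2 covers).
    """
    if tunneled:
        return pkt
    return Packet(pkt.src, max(pkt.ttl - hops, 0))


def gtsm_accept(pkt: Packet, trusted_hops: int = 0) -> bool:
    """Return True if the packet may reach the protocol stack.

    trusted_hops=0 is the directly connected case: only TTL 255 passes.
    For a multi-hop session the receiver tolerates up to trusted_hops
    decrements, and anything originated inside that radius is accepted,
    which is why the RFC calls multi-hop protection 'lower'.
    """
    return MAX_TTL - trusted_hops <= pkt.ttl <= MAX_TTL


def run_scenarios() -> dict[str, bool]:
    """Constructed cases showing where GTSM holds and where it does not."""
    peer = Packet("192.0.2.1", MAX_TTL)          # compliant peer sends 255
    attacker = Packet("198.51.100.7", MAX_TTL)   # attacker also sends the max
    return {
        # directly connected session: no routers between peer and receiver
        "direct/peer":            gtsm_accept(forward(peer, hops=0)),
        "direct/attacker_3_hops": gtsm_accept(forward(attacker, hops=3)),
        # multi-hop session with the legitimate peer 3 routers away
        "multihop3/peer_3_hops":     gtsm_accept(forward(peer, hops=3), 3),
        "multihop3/attacker_5_hops": gtsm_accept(forward(attacker, hops=5), 3),
        "multihop3/attacker_2_hops": gtsm_accept(forward(attacker, hops=2), 3),
        # tunnel bypass: 5 hops away, but the inner TTL is never decremented
        "direct/attacker_tunneled":  gtsm_accept(forward(attacker, hops=5, tunneled=True)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:28s} {'ACCEPT' if accepted else 'DROP'}")
```

Run it directly to see each case labelled ACCEPT or DROP. The two ACCEPT lines for the attacker are exactly the weaknesses the RFC's Security Considerations sections cover: a trusted hop radius wide enough to contain the attacker (5.3), and tunnelled delivery that shields the inner TTL from decrement (5.2).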

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 15% of the total text.

Network Working Group                                            V. Gill
Request for Comments: 3682                                    J. Heasley
Category: Experimental                                          D. Meyer
                                                           February 2004

The Generalized TTL Security Mechanism (GTSM)

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Table of Contents

1.  Introduction
2.  Assumptions Underlying GTSM
    2.1.  GTSM Negotiation
    2.2.  Assumptions on Attack Sophistication
3.  GTSM Procedure
    3.1.  Multi-hop Scenarios
          3.1.1.  Intra-domain Protocol Handling
4.  Acknowledgments
5.  Security Considerations
    5.1.  TTL (Hop Limit) Spoofing
    5.2.  Tunneled Packets
          5.2.1.  IP in IP

          5.2.2.  IP in MPLS
    5.3.  Multi-Hop Protocol Sessions
6.  IANA Considerations
7.  References
    7.1.  Normative References
    7.2.  Informative References
8.  Authors' Addresses
9.  Full Copyright Statement

1. Introduction

The Generalized TTL Security Mechanism (GTSM) is designed to protect a router's TCP/IP based control plane from CPU-utilization based attacks. In particular, while cryptographic techniques can protect the router-based infrastructure (e.g., BGP [RFC1771], [RFC1772]) from a wide variety of attacks, man...