RFC 3682 (rfc3682) - Page 1 of 11


The Generalized TTL Security Mechanism (GTSM)





Network Working Group                                            V. Gill
Request for Comments: 3682                                    J. Heasley
Category: Experimental                                          D. Meyer
                                                           February 2004


             The Generalized TTL Security Mechanism (GTSM)

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6)
   to protect a protocol stack from CPU-utilization based attacks has
   been proposed in many settings (see for example, RFC 2461).  This
   document generalizes these techniques for use by other protocols such
   as BGP (RFC 1771), Multicast Source Discovery Protocol (MSDP),
   Bidirectional Forwarding Detection, and Label Distribution Protocol
   (LDP) (RFC 3036).  While the Generalized TTL Security Mechanism
   (GTSM) is most effective in protecting directly connected protocol
   peers, it can also provide a lower level of protection to multi-hop
   sessions.  GTSM is not directly applicable to protocols employing
   flooding mechanisms (e.g., multicast), and use of multi-hop GTSM
   should be considered on a case-by-case basis.
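   The receive-side check that the abstract summarizes, as an added
   illustration that is not part of the RFC text: the sender transmits
   with the maximum TTL / Hop Limit of 255, and the receiver hands a
   packet to the protocol only if the remaining TTL is at least
   255 minus the configured hop distance to the peer (0 for a directly
   connected peer, which is the case the mechanism protects best).
   The helper names, the minimal IPv4/IPv6 header parser and the
   sample packets are constructed here for the example and are not
   from any implementation.

```python
import struct

GTSM_TTL = 255  # the sender always transmits with the maximum TTL / Hop Limit


def gtsm_accept(ttl: int, hop_count: int = 0) -> bool:
    """Return True if a packet with this TTL / Hop Limit passes the GTSM check.

    hop_count is the configured distance to the peer: 0 for a directly
    connected peer (strict check, TTL must still be 255), larger values
    for multi-hop sessions, where the protection is correspondingly weaker.
    """
    if not 0 <= ttl <= 255:
        raise ValueError("TTL / Hop Limit must be 0..255")
    if not 0 <= hop_count <= 255:
        raise ValueError("hop count must be 0..255")
    # A remote attacker cannot raise the TTL above what the path leaves it,
    # so a packet arriving with TTL >= 255 - hop_count originated within range.
    return ttl >= GTSM_TTL - hop_count


def ttl_from_packet(raw: bytes) -> int:
    """Extract TTL (IPv4, offset 8) or Hop Limit (IPv6, offset 7) from a raw IP header."""
    if not raw:
        raise ValueError("empty packet")
    version = raw[0] >> 4
    if version == 4:
        if len(raw) < 20:
            raise ValueError("truncated IPv4 header")
        return raw[8]
    if version == 6:
        if len(raw) < 40:
            raise ValueError("truncated IPv6 header")
        return raw[7]
    raise ValueError(f"unsupported IP version {version}")


def make_ipv4(ttl: int) -> bytes:
    """Constructed sample: a bare 20-byte IPv4 header (TCP, 192.0.2.1 -> 192.0.2.2)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def make_ipv6(hop_limit: int) -> bytes:
    """Constructed sample: a bare 40-byte IPv6 header (TCP, 2001:db8::1 -> 2001:db8::2)."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 6, hop_limit, src, dst)


def filter_packets(packets, hop_count: int = 0):
    """Apply the GTSM check to each packet; return (accepted, dropped) counts."""
    accepted = dropped = 0
    for pkt in packets:
        if gtsm_accept(ttl_from_packet(pkt), hop_count):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


if __name__ == "__main__":
    # Constructed traffic: one legitimate directly connected peer per family,
    # and two packets that have crossed at least one router on the way in.
    sample = [make_ipv4(255), make_ipv6(255), make_ipv4(254), make_ipv6(250)]
    print("directly connected:", filter_packets(sample, hop_count=0))
    print("five hops away:    ", filter_packets(sample, hop_count=5))
```

   With hop_count=0 only the two TTL-255 packets are accepted; with
   hop_count=5 all four pass, which is exactly the "lower level of
   protection" the abstract attributes to multi-hop use of GTSM.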

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Assumptions Underlying GTSM. . . . . . . . . . . . . . . . . .  2
       2.1.  GTSM Negotiation . . . . . . . . . . . . . . . . . . . .  3
       2.2.  Assumptions on Attack Sophistication . . . . . . . . . .  3
   3.  GTSM Procedure . . . . . . . . . . . . . . . . . . . . . . . .  3
       3.1.  Multi-hop Scenarios. . . . . . . . . . . . . . . . . . .  4
             3.1.1.  Intra-domain Protocol Handling . . . . . . . . .  5
   4.  Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . .  5
   5.  Security Considerations. . . . . . . . . . . . . . . . . . . .  5
       5.1.  TTL (Hop Limit) Spoofing . . . . . . . . . . . . . . . .  5
       5.2.  Tunneled Packets . . . . . . . . . . . . . . . . . . . .  6
             5.2.1.  IP in IP . . . . . . . . . . . . . . . . . . . .  6



Gill, et al.                  Experimental

