The Generalized TTL Security Mechanism
RFC 3682, “The Generalized TTL Security Mechanism”, is an Experimental document published in February 2004 by V. Gill, J. Heasley and D. Meyer. It has been obsoleted by RFC 5082; refer to that document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to protect a protocol stack from CPU-utilization based attacks has been proposed in many settings (see for example, RFC 2461). This document generalizes these techniques for use by other protocols such as BGP (RFC 1771), Multicast Source Discovery Protocol (MSDP), Bidirectional Forwarding Detection, and Label Distribution Protocol (LDP) (RFC 3036). While the Generalized TTL Security Mechanism (GTSM) is most effective in protecting directly connected protocol peers, it can also provide a lower level of protection to multi-hop sessions. GTSM is not directly applicable to protocols employing flooding mechanisms (e.g., multicast), and use of multi-hop GTSM should be considered on a case-by-case basis. This memo defines an Experimental Protocol for the Internet community.
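The check the abstract describes is small enough to show end to end. The following is an added example written for this page, not text or code from RFC 3682 or from any router implementation: a sender sets the IPv4 TTL or IPv6 Hop Limit to 255, each forwarding router decrements it, and the receiver accepts a packet for the protected session only if the value that arrives is still at least 255 minus a configured trust radius (0 for a directly connected peer). The traffic in `scenario()` is constructed for illustration, the addresses are documentation examples, and the function names are this example's own.

```python
"""GTSM receive-side check (added example, not part of RFC 3682 or any router's code).

Model: the sender sets TTL / Hop Limit to 255; every forwarding router
decrements it by one; the receiver accepts a packet for the protected
session only if the value that arrives is still >= 255 - trust_radius.
"""
from dataclasses import dataclass

MAX_TTL = 255  # largest value of the 8-bit IPv4 TTL / IPv6 Hop Limit field


@dataclass(frozen=True)
class Packet:
    src: str   # claimed source address (trivially spoofable, so not relied on)
    ttl: int   # TTL / Hop Limit value as seen by the receiving stack


def received_ttl(initial_ttl: int, routers_traversed: int) -> int:
    """TTL that arrives after `routers_traversed` forwarding hops.

    A directly connected peer traverses no router, so its 255 arrives intact;
    an attacker three routers away can deliver at most 252.
    """
    if not 0 <= initial_ttl <= MAX_TTL:
        raise ValueError("TTL / Hop Limit is an 8-bit field")
    return max(initial_ttl - routers_traversed, 0)


def gtsm_accept(ttl: int, trust_radius: int = 0) -> bool:
    """GTSM check: accept only if the packet can have crossed at most
    `trust_radius` routers. trust_radius=0 is the directly connected case,
    where only TTL == 255 passes."""
    if not 0 <= trust_radius < MAX_TTL:
        raise ValueError("trust_radius must be in [0, 254]")
    return ttl >= MAX_TTL - trust_radius


def gtsm_filter(packets, trust_radius: int = 0):
    """Drop non-conforming packets before any protocol processing.

    This is the CPU-protection point of GTSM: BGP/LDP/MSDP parsing (or a
    TCP MD5 check) is never reached by packets that fail this comparison."""
    return [p for p in packets if gtsm_accept(p.ttl, trust_radius)]


def scenario(trust_radius: int = 0) -> dict:
    """Constructed traffic toward a router protecting a session with peer
    192.0.2.1 (documentation addresses, not real hosts)."""
    traffic = [
        # legitimate directly connected peer, GTSM-enabled: sends 255
        Packet("192.0.2.1", received_ttl(255, routers_traversed=0)),
        # remote attacker 3 routers away, spoofing the peer's address
        Packet("192.0.2.1", received_ttl(255, routers_traversed=3)),
        # attacker on an adjacent link, 1 router away, also spoofing
        Packet("192.0.2.1", received_ttl(255, routers_traversed=1)),
        # a peer NOT configured for GTSM, sending a default TTL of 64
        Packet("192.0.2.1", received_ttl(64, routers_traversed=0)),
    ]
    accepted = gtsm_filter(traffic, trust_radius)
    return {
        "accepted_ttls": [p.ttl for p in accepted],
        "dropped": len(traffic) - len(accepted),
    }


if __name__ == "__main__":
    for radius in (0, 1, 3):
        print(f"trust_radius={radius}: {scenario(radius)}")
```

Two things the run makes visible. With `trust_radius=0` only the directly connected peer survives and both spoofed packets are dropped, whatever source address they carry; widening the radius to cover a multi-hop peer also admits any attacker inside that radius, which is the "lower level of protection" the abstract warns about and why multi-hop use is a case-by-case decision. The peer that still sends the default TTL of 64 is dropped in every case, so GTSM has to be enabled on both ends of a session at the same time. On Linux the same receive-side comparison can be delegated to the kernel with the `IP_MINTTL` socket option, so the check costs nothing in user space.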
What “Experimental” means
Describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 3682 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 3678 Socket Interface Extensions for Multicast Source Filters
- RFC 3679 Unused Dynamic Host Configuration Protocol Option Codes
- RFC 3680 A Session Initiation Protocol Event Package for Registrations
- RFC 3681 Delegation of E.F.F.3.IP6.ARPA
- RFC 3683 A Practice for Revoking Posting Rights to IETF Mailing Lists
- RFC 3684 Topology Dissemination Based on Reverse-Path Forwarding
- RFC 3685 SIEVE Email Filtering: Spamtest and VirusTest Extensions
- RFC 3686 Using Advanced Encryption Standard Counter Mode With IPsec Encapsulating Security Payload