RFC 3682: The Generalized TTL Security Mechanism (G...
RFC-Ref

GTSM



... The Generalized TTL Security Mechanism (GTSM) is designed to protect a router's TCP/IP ...
... bandwidth. GTSM is based on the fact that the vast majority of protocol peerings are established between routers that are adjacent [PEERING ...
... attacks based on forged protocol packets. Finally, the GTSM mechanism is equally applicable to both TTL (IPv4) ...
... and Hop Limit (IPv6), and from the perspective of GTSM, TTL and Hop Limit have identical semantics ...


... Assumptions Underlying GTSM ...
... GTSM is predicated upon the following assumptions: (i) The vast majority of protocol peerings are between adjacent ...
... source IP address. (iii) Use of GTSM is OPTIONAL, and can be configured on a per-peer (group ...
... (iv) The peer routers both implement GTSM. ...
... GTSM Negotiation ...
... This document assumes that GTSM will be manually configured between protocol peers. That is, no automatic GTSM capability negotiation, such as is envisioned by RFC 2842(-> 3392draft) ...
... TTL of 255. GTSM can be disabled for applications such as route-servers and other large diameter ...


... GTSM Procedure ...
... GTSM SHOULD NOT be enabled by default. The following process describes the per-peer behavior: (i) If GTSM is enabled, an implementation performs the following procedure: ...
... ICMP message MUST NOT be generated. (ii) If GTSM is not enabled, normal protocol behavior is followed. ...
... approach provides a qualitatively lower degree of security for the protocol implementing GTSM (i.e., a DoS attack could theoretically be launched by compromising some box in the path). However, GTSM will still catch the vast majority of observed DDoS attacks against ...
... given protocol. Note that since the number of hops can change rapidly in real network situations, it is considered that GTSM may not be able to handle this scenario adequately and an implementation MAY provide OPTIONAL support. ...
... In general, GTSM is not used for intra-domain protocol peers or adjacencies. The special case of iBGP peers ...


... GTSM is a simple procedure that protects single hop protocol sessions, except in those cases in which the peer has been ...
... While the GTSM method is less effective for multi-hop protocol ...
... attack. However, in the multi-hop scenario GTSM is an OPTIONAL extension. Protection of the protocol infrastructure beyond what is provided by the GTSM method will likely require cryptographic machinery such as ...
