Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

BGP TTL security & TTL expiry attack mitigation query

Hi,

On our perimeter routers with eBGP peering, we have ttl-security (1) enabled. Now, we are planning to enable TTL expiry attack mitigation related config on the ACL (with ttl <6 deny). My understanding is this config should not break eBGP connections  (ttl-security 1 sets ttl to 254) but wanted to check with experts here.

Thank you in advance ,

MS

1 ACCEPTED SOLUTION

Accepted Solutions

BGP TTL security & TTL expiry attack mitigation query

Your session should stay up. After applying the config, do a "show ip bgp neigh | inc Minimum" and you should see the minimum ttl allowed.

HTH,

John

HTH, John *** Please rate all useful posts ***
1 REPLY

BGP TTL security & TTL expiry attack mitigation query

Your session should stay up. After applying the config, do a "show ip bgp neigh | inc Minimum" and you should see the minimum ttl allowed.

HTH,

John

HTH, John *** Please rate all useful posts ***
308
Views
0
Helpful
1
Replies
CreatePlease to create content