OSPF

Time to live


[OSPF](/ospf) TTL Security Check will cause OSPF packets exchanged between OSPF routers to use a TTL of 255, and to only accept a [TTL](/time-to-live) of 255.  This eliminates the possibility of having an attacker that is more than one hop away, from sending spoofed OSPF packets to create a bogus adjacency, since any such packets will have a TTL of less than 255 and will be rejected.  This can be applied either globally:

```
R1(config-router)#ttl-security all-interfaces
```

or per interface:

```
R1(config-if)#ip ospf ttl-security
```

By default, 255 is the TTL setting of the command, but can be changed using the `hops` keyword like so:

```
R1(config-router)#ttl-security all-interfaces hops 100
```

The `hops` keyword should be used with caution, as it can open an attack vector that the command itself endeavours to close.


Links:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-i1.html#wp1001106196
https://forum.networklessons.com/t/ospf-ttl-security-check/1941/16?u=lagapides

OSPF TTL Security Check

Nexus lacp rate fast

Nexus

OSI Model

OSPF - Advertising point to multipoint networks

OSPF - Cost of summarized routes

OSPF - DR-BDR election per broadcast domain

OSPF - DR-BDR election priority of zero

OSPF - ECMP across two different areas

OSPF - Enabling authentication

OSPF - HMAC-SHA Extended Authentication

OSPF - Link State Updates (LSUs)

OSPF - MPLS SuperBackbone

OSPF - NBMA neighbors listen on 224.0.0.5

OSPF - NSSA P-bit

OSPF - Propagation of routes between areas

OSPF - Stub areas and allowed LSAs

OSPF - Type1 LSA

OSPF - Update pacing timers

OSPF - default-information originate always command

OSPF - distribute-list filtering

OSPF - manual neighbor configuration

OSPF - point-to-multipoint network type

OSPF - route filtering

OSPF - route summarization

OSPF - summary-address nssa-only on an ABR

OSPF - what triggers a DR-BDR election

OSPF ABR Type 3 LSA filtering using access lists

OSPF ABR and Loop Prevention

OSPF Authentication for v2 and v3

OSPF DR BDR election and neighbor adjacencies

OSPF DR BDR election criteria

OSPF DR BDR election process

OSPF Design - When to create new instance

OSPF Determining which LSA is newer

OSPF Discontiguous Area 0

OSPF E1 E2 N1 N2 routes

OSPF Forwarding Address

OSPF Hello packets unicast and multicast

OSPF IP Unnumbered

OSPF IS-IS comparison

OSPF Incremental SPF and receipt of LSAs

OSPF LSA Recursion

OSPF LSA Sequence Numbers

OSPF LSA Types

OSPF NSSA ABR advertises default route

OSPF Not So Stubby Area NSSA

OSPF Path selection

OSPF Routing Bit

OSPF SPF Scheduling and throttling timers

OSPF Troubleshooting

OSPF Type 4 LSA

OSPF Type 5 LSA

OSPF Type 7 LSA

OSPF Why it is not suitable for use on the Internet

OSPF advertising loopback network

OSPF area inactive

OSPF area notation

OSPF area type mismatch

OSPF backbone area 0

OSPF default metric values

OSPF design - when to create a new area

OSPF does not redistribute default route

OSPF downheap LSA

OSPF duplicate router IDs

OSPF extent of reconvergence process

OSPF immediate hello packet

OSPF in a GRE multipoint environment

OSPF loop prevention

OSPF master slave election

OSPF message options field

OSPF metric sum of outgoing interface costs

OSPF modifying the router ID

OSPF network command

OSPF network types

OSPF non directly connected neighbor adjacencies

OSPF packet types

OSPF point to point network type for Ethernet

OSPF requirements for forming adjacency

OSPF router ID in an IPv6 environment

OSPF router ID

OSPF sham-link cost

OSPF sham-link

OSPF virtual link and ABRs

OSPF where do you configure a virtual link

OSPF why is a backbone area 0 necessary

OSPF within what area is an OSPF router considered to be

OSPFv2 and OSPFv3 comparison

OSPFv3 - router ospfv3 command

OSPFv3 communication between routers and next hop addresses

OSPFv3 instance ID

Offset-list

PAT (overloading) maximum number of translations per inside global address

PAgP

PBR - Policy Based Routing

PBR - Transport Layer port number

PBR - load balancing

PBR - matching prefix lists

PBR - route-map and ACL deny statements not supported

OSPF TTL Security Check

Links to this page: