OSPF TTL Security Check
OSPF TTL Security Check causes OSPF packets exchanged between OSPF routers to be sent with a TTL of 255, and only packets with a TTL of 255 to be accepted. This eliminates the possibility of an attacker who is more than one hop away sending spoofed OSPF packets to create a bogus adjacency, since any such packets will arrive with a TTL of less than 255 and will be rejected. This can be applied either globally:
R1(config-router)#ttl-security all-interfaces
or per interface:
R1(config-if)#ip ospf ttl-security
By default, the TTL setting of the command is 255, but this can be changed using the hops keyword like so:
R1(config-router)#ttl-security all-interfaces hops 100
The hops keyword should be used with caution, as it can open an attack vector that the command itself endeavours to close.
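How the hops value widens the set of senders whose packets pass the check, as an added Python example that is not part of the original page or of Cisco's code. It assumes the receive threshold is 256 minus the hops value (default hops of 1, so only TTL 255 passes); that mapping and all function names are assumptions, and the IPv4 headers are constructed samples.

```python
import struct

OSPF_PROTO = 89   # IP protocol number for OSPF
SEND_TTL = 255    # TTL that ttl-security senders put on OSPF packets

def ipv4_header(src, dst, ttl, proto=OSPF_PROTO):
    """Constructed 20-byte IPv4 header (checksum left at 0 for the sample)."""
    def addr(a):
        return bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20, 0, 0,
                       ttl, proto, 0, addr(src), addr(dst))

def forward(packet, routers):
    """Decrement TTL once per router crossed; None if the packet expires."""
    ttl = packet[8] - routers
    if ttl <= 0:
        return None
    return packet[:8] + bytes([ttl]) + packet[9:]

def min_ttl(hops=1):
    """Assumed mapping: hops=1 accepts only TTL 255, hops=N accepts >= 256-N."""
    if not 1 <= hops <= 254:
        raise ValueError("hops must be in 1..254")
    return SEND_TTL + 1 - hops

def check(packet, hops=1):
    """Receive-side decision for one packet: 'accept', 'drop' or 'not-ospf'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                      # not a parseable IPv4 header
    ttl, proto = packet[8], packet[9]
    if proto != OSPF_PROTO:
        return "not-ospf"                  # the TTL check covers OSPF only
    return "accept" if ttl >= min_ttl(hops) else "drop"

def exposure_radius(hops=1):
    """Routers a TTL-255 OSPF packet can cross and still be accepted."""
    sent = ipv4_header("192.0.2.1", "224.0.0.5", SEND_TTL)  # constructed
    crossed = 0
    while True:
        arrived = forward(sent, crossed + 1)
        if arrived is None or check(arrived, hops) != "accept":
            return crossed
        crossed += 1

if __name__ == "__main__":
    for h in (1, 100):
        print(f"hops {h}: min TTL {min_ttl(h)}, "
              f"accepted from up to {exposure_radius(h)} routers away")
```

Under the stated assumption, the default admits only senders on the directly connected segment, while hops 100 admits packets that have crossed up to 99 routers.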