What is TTL Security Mechanism (TTLS) in BGP and what threat does it mitigate?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

What is TTL Security Mechanism (TTLS) in BGP and what threat does it mitigate?

Explanation:
TTL Security Mechanism uses the IP TTL field to bind a BGP session to the directly connected neighbor, so the router only accepts BGP TCP connections that come from a one-hop path. By configuring the session to require a TTL value of 1, any attempt to form a BGP session from a remote network (i.e., more than one hop away) is dropped, because the packet would have traversed at least one router and its TTL would not match the expected value. This significantly reduces the risk of remote spoofed connections where an attacker tries to impersonate a neighbor by forging the source IP to hijack or misrepresent routes. TTLS does not encrypt BGP updates, nor does it involve TTL proxies or a TTL-based path vector; its purpose is specifically to guard against spoofed, non-direct-neighbor session attempts by leveraging the hop-count constraint.

TTL Security Mechanism uses the IP TTL field to bind a BGP session to the directly connected neighbor, so the router only accepts BGP TCP connections that come from a one-hop path. By configuring the session to require a TTL value of 1, any attempt to form a BGP session from a remote network (i.e., more than one hop away) is dropped, because the packet would have traversed at least one router and its TTL would not match the expected value. This significantly reduces the risk of remote spoofed connections where an attacker tries to impersonate a neighbor by forging the source IP to hijack or misrepresent routes. TTLS does not encrypt BGP updates, nor does it involve TTL proxies or a TTL-based path vector; its purpose is specifically to guard against spoofed, non-direct-neighbor session attempts by leveraging the hop-count constraint.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy