Improving the Security of an OSPF Network
On a network demanding high security, you can configure OSPF authentication and the GTSM to improve the security of the OSPF network.
Applicable Environment
In a network demanding high security, you can configure OSPF authentication and adopt the GTSM mechanism to improve the security of the OSPF network.
The GTSM mechanism defends against attacks by checking the TTL value. If an attacker keeps sending a router forged packets that imitate real OSPF unicast packets, the interface board receives these packets and the router determines that it is their destination. The router then sends the packets directly to the control plane for OSPF processing without checking their validity. The router is kept busy processing these "valid" packets. As a result, the system is busy and CPU usage is high.
The GTSM mechanism protects a router by checking whether the TTL value in the IP packet header is within a pre-defined range, which enhances system security.
GTSM supports only unicast addresses; therefore, in OSPF, GTSM takes effect on the virtual link and the sham link.
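The TTL check described above can be sketched as follows. This is an added example, not the device's implementation. It assumes the pre-defined range is [255 - valid_hops + 1, 255] for a configured hop count, and the names gtsm_verdict, build_header and classify, the addresses and the sample headers are all constructed for illustration.

```python
import ipaddress
import struct

OSPF_PROTO = 89  # IP protocol number assigned to OSPF
MAX_TTL = 255    # highest TTL a sender can set; it only decreases in transit


def build_header(src, dst, ttl, proto=OSPF_PROTO):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def gtsm_verdict(ip_header, valid_hops):
    """Return 'pass', 'drop' or 'not-checked' for one received IPv4 header."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ttl, proto = ip_header[8], ip_header[9]
    dst = ipaddress.IPv4Address(ip_header[16:20])
    # GTSM applies to unicast only, so multicast OSPF packets are not checked.
    if proto != OSPF_PROTO or dst.is_multicast:
        return "not-checked"
    # Assumed range: [255 - valid_hops + 1, 255].
    low = MAX_TTL - valid_hops + 1
    return "pass" if low <= ttl <= MAX_TTL else "drop"


# Constructed sample headers as they would look on arrival at 192.0.2.1.
SAMPLES = {
    "virtual-link peer, 2 hops decremented": build_header("192.0.2.9", "192.0.2.1", 253),
    "forged unicast from 10 hops away": build_header("198.51.100.7", "192.0.2.1", 245),
    "forged unicast sent with TTL 64": build_header("198.51.100.7", "192.0.2.1", 60),
    "multicast hello on local segment": build_header("192.0.2.2", "224.0.0.5", 1),
}


def classify(samples, valid_hops=3):
    """Apply the check to every sample; 'drop' packets are not handed to OSPF."""
    return {name: gtsm_verdict(hdr, valid_hops) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{verdict:12} {name}")
```

A remote sender cannot raise the TTL above 255, so a packet that has crossed more hops than the configured count always arrives below the range.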