Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
General
Off-Topic
Multicast TTL 1 packets processed where?
--chris--
i was listening to a pod cast earlier and someone on the show brought up that "most" multicast packets with a TTL of 1 are not processed in the ASICs but instead in software. They were discussing "Client made" DoS'ing, and he said he had seen a client actually DoS their own network through copious amounts of routing protocols sending updates with TTL 1 packets.
Does anyone know what protocols might do this? Is it
all
of the common routing protocols?
Find more posts tagged with
Comments
ccie14023
The reason for this: when the TTL hits zero then the router is going to kick back an ICMP message with an error. This sort of thing is not handled in ASICs, so the packet needs to be punted to the CPU. Yes, a TTL of 1 is generally used for all routing protocols that use multicast. I can't think of any exceptions. If you think about it, there is no reason for multicast routing protocol packets to go beyond the local segment. Even if the TTL were greater than zero for some reason, multicast routing would have to be configured for the packet to go anywhere. TTL 0 traffic is not the only traffic that gets punted to the CPU, and it's often the case that when a router CPU goes high, traffic has some option that bumps it up there unnecessarily.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
