STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Nokia Service Router OS 25.x Router Security Technical Implementation Guide

V-283890

CAT III (Low)

The Nokia Border Gateway Protocol (BGP) router must be configured to enable the Generalized TTL Security Mechanism (GTSM).

Rule ID

SV-283890r1203919_rule

STIG

Nokia Service Router OS 25.x Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002385

Discussion

GTSM is designed to protect a router's IP-based control plane from denial-of-service attacks. Many attacks focused on CPU load and line-card overload can be prevented by implementing GTSM on all Exterior Border Gateway Protocol speaking routers. GTSM is based on the fact that the vast majority of control plane peering is established between adjacent routers; that is, the Exterior Border Gateway Protocol peers are either between connecting interfaces or between loopback interfaces. Because TTL spoofing is considered nearly impossible, a mechanism based on an expected TTL value provides a simple and reasonably robust defense from infrastructure attacks based on forged control plane traffic.

Check Content

Review the router configuration.

Use the command below and verify "TTL Security" is "Enabled" and the "Min TTL Value" is configured correctly:

- show router bgp group "eBGP" detail | match TTL

TTL Security     : Enabled              Min TTL Value    : 1

If the router is not configured to use GTSM for all Exterior Border Gateway Protocol peering sessions, this is a finding.

Fix Text

Configure all Exterior Border Gateway Protocol peering sessions to use GTSM using the example below: 

- configure router bgp group "eBGP" ttl-security 1