Cisco Certified Internetwork Expert (CCIE) Practice Test

Which best practice helps limit inbound TTL expiry attacks?

• A. Setting the TTL value to zero
• B. Setting the TTL value equal to the longest path in the network
• C. Setting the TTL value to more than the longest path in the network
• D. Setting the TTL value to less than the longest path in the network

The correct answer is: Setting the TTL value to more than the longest path in the network

To limit inbound TTL expiry attacks, setting the Time-to-Live (TTL) value to more than the longest path in the network is an effective best practice. TTL is a mechanism used to prevent packets from endlessly circulating on the network. When packets reach a router, the router decrements the TTL value. If the TTL reaches zero, the packet is discarded. If the TTL value is set too low, it may expire before it can successfully reach its destination, which could trigger legitimate packets to be dropped or result in unnecessary retransmission. On the other hand, setting the TTL value higher than the longest path in the network ensures that packets have sufficient time to traverse through all the routing devices without reaching zero. This adjustment aids in maintaining communication resiliency by enabling outbound packets to successfully reach their destination, thereby reducing the chances of inadvertent packet loss from legitimate sources. An insufficient TTL value could make the network vulnerable to TTL expiry attacks where malicious entities could exploit this weakness to disrupt services or mask their own traffic in the network. In this context, ensuring that the TTL is sufficiently high not only enhances the reliability of packet delivery but also plays a role in fortifying the network against such attacks.