Control plane attacks can occur when a compromised device sends unicast OSPF messages to a participating OSPF router. To combat these attacks, OSPF can use the TTL security check.
The idea is that when an IP packet is routed, its TTL is decremented by one at each hop towards its destination. If all OSPF routers send their packets with a TTL of 255, it is easy to distinguish packets that originated off-net. Since OSPF communication is always direct router-to-router (except for virtual and sham links), packets received with a TTL of less than 255 can be treated as malicious traffic and dropped.
The TTL security check can be enabled per interface or globally; when enabled globally, individual interfaces can be excluded from the check as needed.
The TTL check can also be tuned to accept TTL values below 255 by configuring a hop-count offset that is subtracted from 255. This is useful because some Cisco platforms decrement the packet's TTL before handing it to the OSPF process, which would otherwise cause legitimate packets to be dropped.
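To make the receiver-side logic concrete, here is an added example (not code from the original page or from any router vendor) that models the check described above: a global enable with per-interface overrides, and a hops offset that lowers the minimum accepted TTL. The `TtlSecurityPolicy` class, the interface names and the IPv4 headers are all constructed for illustration; the headers carry a zero checksum and no options.

```python
import struct

OSPF_PROTOCOL = 89      # IP protocol number for OSPF
MAX_TTL = 255           # TTL a directly connected neighbor is expected to send

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_header(ttl, proto=OSPF_PROTOCOL, src="10.0.12.1", dst="10.0.12.2"):
    """Build a constructed IPv4 header (checksum left at zero) as sample input."""
    def addr(a):
        return bytes(int(octet) for octet in a.split("."))
    ver_ihl = (4 << 4) | 5    # version 4, header length 5 x 32-bit words
    return struct.pack(IPV4_HDR, ver_ihl, 0, 20, 0, 0, ttl, proto, 0,
                       addr(src), addr(dst))


def parse_ipv4(packet):
    """Return (ttl, protocol) from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack(IPV4_HDR, packet[:20])
    ver_ihl, ttl, proto = fields[0], fields[5], fields[6]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ttl, proto


class TtlSecurityPolicy:
    """Hypothetical model of a router's OSPF TTL security configuration."""

    def __init__(self, global_enabled=False, global_hops=0):
        self.global_enabled = global_enabled
        self.global_hops = global_hops
        # interface name -> (enabled, hops); overrides the global setting
        self.interfaces = {}

    def set_interface(self, name, enabled, hops=0):
        self.interfaces[name] = (enabled, hops)

    def effective(self, interface):
        """Per-interface setting if present, otherwise the global one."""
        return self.interfaces.get(interface, (self.global_enabled, self.global_hops))

    def check(self, interface, packet):
        """Return (accept, reason) for an inbound packet on the given interface."""
        ttl, proto = parse_ipv4(packet)
        if proto != OSPF_PROTOCOL:
            return True, "not OSPF; TTL security does not apply"
        enabled, hops = self.effective(interface)
        if not enabled:
            return True, "TTL security disabled on this interface"
        min_ttl = MAX_TTL - hops       # the configured hops offset
        if ttl >= min_ttl:
            return True, f"TTL {ttl} >= {min_ttl}: accepted"
        return False, f"TTL {ttl} < {min_ttl}: dropped as off-net"


def run_scenarios():
    """Exercise the policy with constructed packets; returns the decisions."""
    strict = TtlSecurityPolicy(global_enabled=True)          # hops 0
    strict.set_interface("Gi0/1", enabled=False)             # excluded interface
    offset = TtlSecurityPolicy(global_enabled=True, global_hops=1)
    return {
        "neighbor_255_strict": strict.check("Gi0/0", ipv4_header(255))[0],
        "offnet_254_strict": strict.check("Gi0/0", ipv4_header(254))[0],
        "platform_254_hops1": offset.check("Gi0/0", ipv4_header(254))[0],
        "offnet_253_hops1": offset.check("Gi0/0", ipv4_header(253))[0],
        "disabled_iface_100": strict.check("Gi0/1", ipv4_header(100))[0],
        "non_ospf_tcp_64": strict.check("Gi0/0", ipv4_header(64, proto=6))[0],
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:24s} {'accept' if accepted else 'drop'}")
```

The `platform_254_hops1` case is the situation the offset exists for: a packet that arrived with TTL 255 but was decremented once internally is still accepted when the policy allows one hop, while a packet two hops out is still dropped. On Cisco IOS the equivalent configuration is `ttl-security all-interfaces [hops N]` under the OSPF process, with `ip ospf ttl-security [hops N]` or `ip ospf ttl-security disable` on an interface to override it.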