In IOS 12.4, Cisco added a feature to BGP that you might want to implement: TTL checking between peers. Although I've never heard of it happening, it is possible for a rogue router to hijack a BGP peer connection and inject bogus routes. To prevent this, you can use TTL checking between peers.
This feature takes advantage of the fact that it is thought to be impossible to forge the TTL count of an IP packet without internal access to the source or destination network. Since it's extremely difficult or impossible to forge TTL counts, we can apply a rule that only accepts IP packets with a TTL count tht is equal to our configured hop-count. (TTL can be considered a hop-count.)
This command is not supported for iBGP (internal) peers. It applies only to eBGP (external) peers.
For example, if the BGP peer was directly connected, we could set the hop-count (TTL) to 2, and our BGP process accepts only packets with that hop-count from that neighbor's IP address.
neighbor 10.10.1.1 ttl-security hops 2
With this setting, if the hop-count is less than 253, the packet is dropped. (You get 253 by subtracting our hop-count of 2 from 255.) The only TTL values that will be accepted are 254 and 253.
IOS Images and Configuration Files
Basic Router Configuration
IP Routing Topics
Interior Routing Protocols
Border Gateway Protocol
Quality of Service
Specialized Networking Topics
Switches and VLANs
Troubleshooting and Logging
Appendix A Network Basics