
...
This work was funded by the DFN-Verein (Association for the promotion of a German Research Network) and Deutsche Telekom under project number: DT10.
...server
ATMARP (the ATM Address Resolution Protocol), as specified in [10], is required for resolving IP addresses into ATM addresses and vice versa. Unlike ARP [11], which resolves addresses with broadcasts, ATMARP needs a server, because a non-broadcast multiple access (NBMA) network such as ATM cannot broadcast the request.
...connection
Note that the number of intermediate switches is irrelevant as long as a virtual connection between attacker and server can be established.
...used
In the case of a routed broadcast LAN the attacker also has to make sure that the host whose IP address the attacker uses for spoofing will not reset the spoofed connection. This can be done by flooding that host with traffic prior to the spoofing attack, so that it is too busy to respond to the packets from the server.
...establishment
RFC 1577 [10] section 5 ``Overview of Call Establishment Message Content'' requires the originator to supply a ``Calling Party Number'' Information Element (IE). It is expected to be an ATM address that really belongs to the calling system, but of course this IE can be faked like any other unauthenticated information.
...own
This will not necessarily identify the attacker's host, because the attacker may have registered an additional ATM address at the local switch (see also section 2.6).
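The two footnotes above (the fakeable ``Calling Party Number'' IE and the extra address registered at the local switch) can be illustrated with a small ingress check. The following is an added example and not code from the paper: it splits a 20-octet ATM End System Address (AESA) into its 13-octet prefix, 6-octet end system identifier and selector, and lets a switch accept a SETUP only if the Calling Party Number is one of the addresses registered on the port the SETUP arrived on. The port-registration policy, the function names and the sample addresses are assumptions made for illustration; the addresses are constructed and belong to no real network.

```python
# Added example (not from the paper): AESA parsing plus an assumed per-port
# Calling Party Number check.  Sample addresses are constructed.
from dataclasses import dataclass

PREFIX_LEN, ESI_LEN = 13, 6   # AESA layout: 13-octet prefix, 6-octet ESI, 1-octet selector


@dataclass(frozen=True)
class AESA:
    prefix: bytes
    esi: bytes
    sel: int

    @classmethod
    def parse(cls, text: str) -> "AESA":
        """Accept the dotted hex notation used below; raise ValueError otherwise."""
        raw = bytes.fromhex(text.replace(".", ""))
        if len(raw) != PREFIX_LEN + ESI_LEN + 1:
            raise ValueError("AESA must be 20 octets, got %d" % len(raw))
        return cls(raw[:PREFIX_LEN], raw[PREFIX_LEN:PREFIX_LEN + ESI_LEN], raw[-1])

    def same_peer_group(self, other: "AESA", prefix_octets: int = PREFIX_LEN) -> bool:
        """Peer group membership here means a shared address prefix (assumed length)."""
        return self.prefix[:prefix_octets] == other.prefix[:prefix_octets]


def check_calling_party(ingress_port: int, calling_party: str,
                        registrations: dict[int, set[str]]) -> tuple[bool, str]:
    """Assumed switch policy: a SETUP is admitted only if its Calling Party
    Number is among the addresses registered (e.g. via ILMI) on the ingress port."""
    try:
        cpn = AESA.parse(calling_party)
    except ValueError as exc:
        return False, "port %d: malformed Calling Party Number (%s)" % (ingress_port, exc)
    registered = {AESA.parse(a) for a in registrations.get(ingress_port, set())}
    if cpn in registered:
        return True, "port %d: calling party is registered on this port" % ingress_port
    return False, "port %d: calling party %s is not registered here" % (ingress_port, calling_party)


# Constructed sample data: one switch, three ports.  The host on port 3 has
# registered a second address, the situation the footnote above describes.
REGISTRATIONS = {
    1: {"39.276F.31.000000.0000.0000.0000.0020D4000001.00"},
    2: {"39.276F.31.000000.0000.0000.0000.0020D4000002.00"},
    3: {"39.276F.31.000000.0000.0000.0000.0020D4000003.00",
        "39.276F.31.000000.0000.0000.0000.0020D4BEEF03.00"},
}

if __name__ == "__main__":
    for port, cpn in [(3, "39.276F.31.000000.0000.0000.0000.0020D4000003.00"),   # genuine
                      (3, "39.276F.31.000000.0000.0000.0000.0020D4000001.00"),   # spoofs port 1
                      (3, "39.276F.31.000000.0000.0000.0000.0020D4BEEF03.00"),   # extra address
                      (4, "39.276F.31.000000.0000.0000.0000.0020D4000003.00")]:  # unknown port
        print(check_calling_party(port, cpn, REGISTRATIONS))
```

The third case is the caveat of the footnote: the SETUP carrying the additionally registered address passes the check, so the Calling Party Number alone does not name the attacker's host; only the ingress port does, which is why the log of a switch, not the IE, is the evidence to rely on.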
...connections
The ATM cell header at the `User to Network Interface' carries an 8-bit virtual path identifier (VPI) and a 16-bit virtual channel identifier (VCI). This allows for a theoretical total of 2^24 different virtual connections at any time between host and switch.
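The 2^24 figure follows from the UNI header layout (GFC 4 bits, VPI 8, VCI 16, PT 3, CLP 1, HEC 8); at the NNI the GFC field is absent and the VPI is 12 bits, giving 2^28. The following parser and builder for the 5-octet cell header is an added example, not code from the paper; the HEC is the CRC-8 with generator x^8 + x^2 + x + 1 XORed with 0x55 as specified for ATM, and the idle-cell header 00 00 00 01 with HEC 0x52 serves as the check value.

```python
# Added example (not from the paper): build and parse the 5-octet ATM cell
# header in UNI and NNI layout and verify the HEC.
UNI_VPI_BITS, NNI_VPI_BITS, VCI_BITS = 8, 12, 16
UNI_CONNECTIONS = 1 << (UNI_VPI_BITS + VCI_BITS)   # 2**24 VPI/VCI pairs at the UNI
NNI_CONNECTIONS = 1 << (NNI_VPI_BITS + VCI_BITS)   # 2**28 at the NNI (no GFC field)


def atm_hec(header4: bytes) -> int:
    """CRC-8 (polynomial 0x07) over the first four octets, then XOR 0x55."""
    crc = 0
    for octet in header4:
        crc ^= octet
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def _vpi_bits(interface: str) -> int:
    if interface == "UNI":
        return UNI_VPI_BITS
    if interface == "NNI":
        return NNI_VPI_BITS
    raise ValueError("interface must be UNI or NNI")


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0,
                 gfc: int = 0, interface: str = "UNI") -> bytes:
    vpi_bits = _vpi_bits(interface)
    if not (0 <= vpi < (1 << vpi_bits) and 0 <= vci < (1 << VCI_BITS)):
        raise ValueError("VPI/VCI out of range for %s" % interface)
    if not (0 <= pt < 8 and clp in (0, 1) and 0 <= gfc < 16):
        raise ValueError("bad PT, CLP or GFC")
    # Bit layout of the first 32 bits: [GFC|VPI] VPI VCI(16) PT(3) CLP(1)
    word = (vpi << 20) | (vci << 4) | (pt << 1) | clp
    if interface == "UNI":
        word |= gfc << 28          # at the NNI these four bits belong to the VPI
    first4 = word.to_bytes(4, "big")
    return first4 + bytes([atm_hec(first4)])


def parse_header(cell: bytes, interface: str = "UNI") -> dict:
    if len(cell) < 5:
        raise ValueError("need at least the 5-octet header")
    vpi_mask = (1 << _vpi_bits(interface)) - 1
    word = int.from_bytes(cell[:4], "big")
    return {
        "gfc": (word >> 28) if interface == "UNI" else None,
        "vpi": (word >> 20) & vpi_mask,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 1,
        "hec_ok": atm_hec(cell[:4]) == cell[4],   # single-bit errors are caught
    }


if __name__ == "__main__":
    sig = build_header(0, 5)                       # VPI 0 / VCI 5: signaling channel
    print(sig.hex(), parse_header(sig))
    nni = build_header(0xABC, 0x1234, interface="NNI")
    print("as NNI:", parse_header(nni, "NNI"), "as UNI:", parse_header(nni, "UNI"))
```

Parsing the same octets with the wrong layout silently moves four bits between GFC and VPI, so a monitor or filter that inspects cells has to know which side of the switch it sits on.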
...phrases
RFC 1157 [3] calls them `community names'.
...NNI
`Network to Network Interface' (NNI) describes the appropriate interface for switch to switch interconnection.
...symmetric
If the P-NNI protocol is used at the NNI, the setup is called ``symmetric'' because both peers are network nodes (switches). The UNI protocols are not symmetric because they are used between different kinds of peers, namely an end system (host) and a network node (switch).
...UNI
`User Network Interface' (UNI) describes a protocol to be used for connection management between host and private ATM switches.
...group
A number of switches that share a common addressing scheme, e.g. the same address prefix, are grouped together. They belong to a `peer group'.
...access
During signaling for connection establishment any node (either peer) and any intermediate switch may reject the SETUP request. ATM networks therefore offer a kind of ``shared control'', in contrast to legacy LANs, which usually offer only ``shared access''.
...(CSMA/CD)
Carrier Sense Multiple Access with Collision Detection
...only
Besides configuring the PVCs, SVC signaling must be disabled.
...interfaces
Filters are not in use unless they are applied to a port of the switch.
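The ``shared control'' footnote above and this one describe the same model: a SETUP is admitted hop by hop, every switch on the path and the called party may release it, and a filter only takes part once it is bound to a port. The following is an added example and not code from the paper or from any switch vendor; the rule syntax, the first-match and implicit-deny semantics once a filter is bound, the cause strings and the sample addresses are all assumptions made for illustration.

```python
# Added example (not from the paper): toy model of per-hop SETUP admission with
# filters that are defined on a switch but only active on the ports they are
# bound to.  Rule semantics and addresses are assumed/constructed.
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Rule:
    action: str              # "permit" or "deny"
    calling: str = ""        # hex prefix the calling AESA must start with ("" = any)
    called: str = ""         # hex prefix the called AESA must start with ("" = any)

    def matches(self, calling: str, called: str) -> bool:
        return calling.startswith(self.calling) and called.startswith(self.called)


@dataclass
class Switch:
    name: str
    filters: dict[str, list[Rule]] = field(default_factory=dict)   # named filter definitions
    bindings: dict[int, str] = field(default_factory=dict)         # ingress port -> filter name

    def admit(self, port: int, calling: str, called: str) -> tuple[bool, str]:
        name = self.bindings.get(port)
        if name is None:                      # defined filters do nothing until bound
            return True, "%s port %d: no filter applied" % (self.name, port)
        for rule in self.filters[name]:       # assumed: first matching rule wins
            if rule.matches(calling, called):
                return rule.action == "permit", "%s port %d: %s by filter %s" % (
                    self.name, port, rule.action, name)
        return False, "%s port %d: no rule matched, implicit deny" % (self.name, port)


def setup_call(path: list[tuple[Switch, int]], calling: str, called: str,
               callee_accepts: Callable[[str], bool]) -> tuple[str, str]:
    """Carry a SETUP along (switch, ingress port) hops; any hop or the called
    party may release it.  Returns ("CONNECT", why) or ("RELEASE", why)."""
    for switch, ingress in path:
        ok, why = switch.admit(ingress, calling, called)
        if not ok:
            return "RELEASE", why
    if not callee_accepts(calling):
        return "RELEASE", "called party rejected SETUP from %s" % calling
    return "CONNECT", "all %d switches and the called party accepted" % len(path)


# Constructed addresses: an inside peer group (prefix 39276F31...) with a
# bastion host, and an outside caller in a different peer group.
INSIDE_PREFIX = "39276F31000000000000000000"
BASTION = INSIDE_PREFIX + "0020D4000B0500"
INSIDE_HOST = INSIDE_PREFIX + "0020D4000A0100"
OUTSIDE_CALLER = "47000580FFE1000000F21A26D8" + "0020D4BAD00100"


def demo() -> list[tuple[str, str]]:
    edge = Switch("edge", filters={"dmz-only": [Rule("permit", called=BASTION[:38]),
                                                Rule("deny")]})
    core = Switch("core")
    path = [(edge, 7), (core, 2)]        # port 7 is the external port of the edge switch
    results = []
    # 1. filter defined but not bound: the outside caller reaches an inside host
    results.append(setup_call(path, OUTSIDE_CALLER, INSIDE_HOST, lambda c: True))
    # 2. bind the filter to the external port: same SETUP is released at the edge
    edge.bindings[7] = "dmz-only"
    results.append(setup_call(path, OUTSIDE_CALLER, INSIDE_HOST, lambda c: True))
    # 3. a call to the bastion is permitted by the filter and accepted
    results.append(setup_call(path, OUTSIDE_CALLER, BASTION, lambda c: True))
    # 4. the bastion itself may still refuse callers from outside its peer group
    results.append(setup_call(path, OUTSIDE_CALLER, BASTION,
                              lambda c: c.startswith(INSIDE_PREFIX)))
    return results


if __name__ == "__main__":
    for status, why in demo():
        print(status, "-", why)
```

The point of case 4 is the one the ``shared control'' footnote makes: the filter on the edge switch is not the only veto, because the called end system sees the SETUP too and can release it on its own criteria.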
...DMZ
A bastion host is usually installed on its own subnet, frequently called ``Demilitarized Zone'' (DMZ) [4,5].
Carsten Benecke, Uwe Ellermann / DFN-FWL