- ...
- This work was funded by the DFN-Verein (Association
for the promotion of a German Research Network) and Deutsche Telekom
under project number: DT10.
- ...server
- The ATMARP (ATM Address
Resolution Protocol) as specified in [10] is required for
resolving IP addresses into ATM addresses and vice versa. Unlike ARP
[11], which uses broadcasts to resolve addresses, address resolution in
non-broadcast multiple access networks such as ATM requires a server.
- ...connection
- Note that the number of
intermediate switches is irrelevant as long as a virtual connection
between attacker and server can be established.
- ...used
- In the case of a routed
broadcast LAN the attacker also has to make sure that the host,
whose IP address the attacker uses for spoofing, will not reset the
spoofed connection. This can be done by flooding it with
communication prior to the spoofing attack, so that the client is too busy to
respond to the packets from the server.
- ...establishment
- RFC
1577 [10]
section 5 ``Overview of Call Establishment Message Content''
requires the originator to supply a ``Calling Party Number''
Information Element (IE). It is expected to be an ATM address that
really belongs to the calling system, but of course this IE can be
faked like any other unauthenticated information.
- ...own
- This will not necessarily identify the attacker's host
because he may have registered an additional ATM address at his local
switch (see also section 2.6).
- ...connections
- The ATM cells at the `User to Network Interface'
have 8 bits for virtual path identification and 16 bits for virtual
channels. This allows for a theoretical total of 2^24 different
virtual connections at any time between host and switch.
- ...phrases
- RFC 1157 [3] denotes them as
`community names'.
- ...NNI
- `Network to Network Interface' (NNI) describes the
appropriate interface for switch to switch interconnection.
- ...symmetric
- If the P-NNI protocol is
used at the NNI, the setup is called ``symmetric'' because both peers
are network nodes (switches). The UNI protocols are not
symmetric because they are used between different kinds of peers: an
end system (host) and a network node (switch).
- ...UNI
- `User Network
Interface' (UNI) describes a protocol to be used for connection
management between host and private ATM switches.
- ...group
- A number of switches that share a common addressing
scheme, e.g. the same address prefix, are grouped together. They
belong to a `peer group'.
- ...access
- During signaling for
connection establishment any node (both peers) and any intermediate
switch may refuse the SETUP request. ATM networks therefore offer
some kind of ``shared control'', in contrast to legacy LANs, which
usually offer only ``shared access''.
- ...(CSMA/CD)
- Carrier Sense
Multiple Access with Collision Detection
- ...only
- Besides configuring the PVCs, the signaling of SVCs must
be disabled.
- ...interfaces
- Filters are not
in use unless they are applied to a port of the switch.
- ...DMZ
- A bastion host
is usually installed on its own subnet, frequently called
``Demilitarized Zone'' (DMZ) [4,5].