Re: ATM security

[Roel JT Jonkman <rjonkman () ittc ukans edu>]

Hello,

> Is there any good  articles on ATM security? One problem is the current
As far as that goes I think there is a whole range of DoS attacks you could
fire at arp servers for example. (The CLIP stuff, rfc 1597 if I'm not 
mistaken.) LANE is likely not any better. Imposing different addresses is 
likely very trivial.

> conventional firewall cannot match the throughput of ATM network.
Hmm, we ran an alpha 3000/700 (225 Mhz, turbo channel based)for some firewall
testing, didn't do too shabby. About 1..2k packets it can do linespeed on 2
OC3's. (forwarding)  That box does about 50Mbytes/s on memory copies, and
since the protocol stack at least copies once, the theoretical limit
is 400Mbps, which is true. These boxes are DRAM based, so you are constrained
by the speed of the ram. However some of the Ultra's (SDRAM based) I've around 
can do 200Mbyte/s on memcopies, so theoritically they can achieve dual OC12
speeds. (2 * 622Mbps, I'm waiting on cards to be ordered right now.) I don't
have detailed results around on what the performance differences between a
high end alpha and high end ultra is. (Alphas have alignment troubles, which
in particular with small packets shows.)

roel