Re: [fw-wiz] ATM security

From: Darren Reed (
Date: 09/03/02

From: Darren Reed <>
Date: Tue Sep  3 12:11:01 2002

In some email I received from Alan Rudd, sie wrote:
> Dear FW Wizards:
> Is anyone aware of any commercial products (or any home grown ones), that
> provide enterprise-wide visibility (mapping and monitoring) and/or
> security/intrusion prevention/detection solutions for the OC3 and OC12 ATM
> circuits that a lot of IP traffic travels on? There are many products that
> provide these capabilities for pure IP/Ethernet, but as ATM is still widely
> used to provide Quality of Service and bandwidth management capability it
> often becomes a neglected security issue - i.e. the (false) notion that "an
> ATM (switched/cell-based) network won't get cracked".
> As part of a very small company that is developing something along these
> lines using floating point gate-array silicon technology (versus an ASIC), I
> would like to discuss the potential issues and uses with any interested
> parties that might help our research and development, as we are about to
> deploy an "alpha" stage pilot project with a customer in October.

There was a paper many years ago that discussed the problems with ATM
circuits and related security vulnerabilities for IP. The title of this
is "Securing 'Classical IP over ATM Networks'' (that should be find it
on the 'web.) I'm not sure if that's what you're thinking about here...

If you get hard core about your ATM, you can (like some switches allow),
construct filters for ATM frames based on ATM addresses. Not all
switches do, and the only ones I've experience with (Fore), were bought
out by Marconi who are now with their backs to the wall, did allow for
this. These were Forerunners.