----- Original Message -----
From: Firewalls-Digest [SMTP:[EMAIL PROTECTED]]
Sent: Monday, January 3, 2000 7:13
To: [EMAIL PROTECTED]
Subject: Firewalls-Digest V8 #753
Date: Sun, 2 Jan 2000 21:55:05 -0800 (PST)
From: pbb jhe <[EMAIL PROTECTED]>
Subject: X.25 link
Though X.25 is being phased out by Frame Relay, ATM, etc., I
believe no one can deny there are still large
installation sites available nowadays.
I have the following questions:
a. What is the maximum throughput for a 64kbps X.25
link?
[Luciano A. C. Mello] That will depend on the link parameters, like Packet Size, L2
Window Size, L3 Window Size and switching capability of the X.25 switch.
From what I have seen, under the best conditions, about 90% of the nominal link speed.
By best conditions I mean the highest possible L3 and L2 Window Size and a Packet
Size that can fit the maximum data unit generated by the application and, of course, an
error-free link.
Speaking about practice, a link with Packet Size=512, L2 Window = 7 and L3 Window = 2
will have an average throughput of 14Kbps with only one VC active. Since the L3 Window
Size has meaning only within a VC, on links with more VCs the general throughput will
be higher.
b. What is the maximum speed that current X.25
technology can support?
[Luciano A. C. Mello] Well, we're talking about speed here, not throughput, correct?
In this case, it'll depend on the serial hardware of the X.25 switch, not on the
protocol. A Cisco router (75xx) can go up to 8Mbps on a serial interface. However,
existing X.25 installations are in the majority based on older hardware, so it's very
difficult to see an X.25 link with speeds higher than 2Mbps.
These links are often used on the network's core, and in general, a network owner will
update its core to a newer technology instead of upgrading the hardware to support
higher speeds.
c. What are the security loopholes available in X.25 in
comparison to Frame Relay?
[Luciano A. C. Mello] There was a discussion some time ago on this list about
security issues on Frame Relay. I suppose they're quite the same on X.25. The major
concerns are the management access of the switches and the possibility of sniffing
packets, which are the same for any kind of protocol or network hardware.
In general, the management is done in-band, i.e. using another VC on the same link to
access the configuration of the switch. In this case, that information can be sniffed.
Some installations use dial modems for backup links and for out-band management, where
someone can dial into the switch and try to guess the password to gain access. Against
this, strong passwords must be used.
Sniffing the data presumes the attacker can have physical access to the link or to a
switch on the network, to plug in a sniffer, or the attacker can gain management access,
where internal trace functions can be used. Against this, using cryptography, done
either by hardware or software, outside of the network, is an effective solution. I
mean outside of the network by using an external agent to implement cryptography,
presuming these can be more difficult to compromise. Several vendors, like Racal, for
example, implement these solutions.
There could be some specific vulnerabilities on some vendor hardware, but I don't know
any of these. Maybe someone on the list can add to the discussion.
Thanx.
[Luciano A. C. Mello] I hope this helps. Regards.
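
Added example, not part of the original message: a simplified sliding-window model of the figures quoted in answer (a). It assumes the 14 Kbps single-VC figure is limited by the L3 window and round-trip delay, that the L2 window is not the bottleneck, and that usable capacity tops out at about 90% of the link rate; all function names are illustrative.

```python
"""Simplified model of X.25 virtual-circuit (VC) throughput on one link.

Assumptions (not from the original message): each VC may have at most
`l3_window` unacknowledged packets per round trip, the L2 window is large
enough not to limit the link, and usable capacity is `efficiency` * link rate.
"""
import math


def implied_rtt_s(packet_bytes, l3_window, observed_bps):
    """Round-trip delay that would make one VC window-limited at observed_bps."""
    return l3_window * packet_bytes * 8 / observed_bps


def vc_throughput_bps(packet_bytes, l3_window, rtt_s, link_bps):
    """Throughput of a single VC: one full L3 window per round trip, capped by the link."""
    return min(link_bps, l3_window * packet_bytes * 8 / rtt_s)


def link_throughput_bps(n_vcs, packet_bytes, l3_window, rtt_s, link_bps, efficiency=0.90):
    """Aggregate throughput: VCs add up until usable link capacity is reached."""
    per_vc = vc_throughput_bps(packet_bytes, l3_window, rtt_s, link_bps)
    return min(n_vcs * per_vc, efficiency * link_bps)


def vcs_to_saturate(packet_bytes, l3_window, rtt_s, link_bps, efficiency=0.90):
    """Smallest number of equally loaded VCs that fills the usable capacity."""
    per_vc = vc_throughput_bps(packet_bytes, l3_window, rtt_s, link_bps)
    return math.ceil(efficiency * link_bps / per_vc)


if __name__ == "__main__":
    LINK_BPS = 64_000          # nominal link speed from the question
    PACKET, L3_WINDOW = 512, 2  # parameters quoted in the answer
    rtt = implied_rtt_s(PACKET, L3_WINDOW, 14_000)  # 14 Kbps with one VC
    print(f"implied round-trip delay: {rtt:.3f} s")
    for n in (1, 2, 4, 5, 8):
        total = link_throughput_bps(n, PACKET, L3_WINDOW, rtt, LINK_BPS)
        print(f"{n} VC(s): {total / 1000:.1f} kbps aggregate")
    print("VCs needed to saturate:", vcs_to_saturate(PACKET, L3_WINDOW, rtt, LINK_BPS))
    # Same delay, larger L3 window on a single VC:
    print(f"L3 window 7, one VC: {vc_throughput_bps(PACKET, 7, rtt, LINK_BPS) / 1000:.1f} kbps")
```
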