Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
• Partition: some portion of the network believes that it is partitioned from the rest of the network when it is not,
• Churn: the forwarding in the network changes (unnecessarily) at a rapid pace, resulting in large variations in the data delivery patterns (and adversely affecting congestion control techniques),
• Instability: the protocol becomes unstable so that convergence on a global forwarding state is not achieved, and
• Overload: the protocol messages themselves become a significant portion of the traffic the network carries.

The damage that might result from attacks against a particular host or network address may include:
• Starvation: data traffic destined for the network or host is forwarded to a part of the network that cannot deliver it,
• Eavesdrop: data traffic is forwarded through some router or network that would otherwise not see the traffic, affording an opportunity to see the data or at least the data delivery pattern,
• Cut: some portion of the network believes that it has no route to the host or network when it is in fact connected,
• Delay: data traffic destined for the network or host is forwarded along a route that is in some way inferior to the route it would otherwise take,
• Looping: data traffic for the network or host is forwarded along a route that loops, so that the data is never delivered.” (Quoted from Section 3.1.2.1 of reference A-15.)
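
The per-destination consequences listed above can be checked against a snapshot of forwarding state. The following is an added example, not part of the report or of reference A-15: the topology, router names and next-hop tables are constructed, and "inferior route" is assumed to mean more hops than the shortest physical path.

```python
from collections import deque

# Constructed topology (undirected physical links); router names are made up.
LINKS = {"A": {"B", "C"}, "B": {"A", "C", "D"}, "C": {"A", "B", "D"},
         "D": {"B", "C", "E"}, "E": {"D"}}

# Constructed next-hop tables for destination "E": {router: next_hop}.
SNAPSHOTS = {
    "baseline":  {"A": "B", "B": "D", "C": "D", "D": "E"},
    "detour":    {"A": "B", "B": "C", "C": "D", "D": "E"},
    "loop":      {"A": "B", "B": "C", "C": "A", "D": "E"},
    "blackhole": {"A": "C", "B": "D", "D": "E"},
    "no_route":  {"B": "D", "C": "D", "D": "E"},
}

def shortest_hops(links, src, dst):
    """Breadth-first hop count over the physical links; None if disconnected."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nbr in sorted(links.get(node, ())):
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, dist + 1))
    return None

def classify(links, next_hop, src, dst):
    """Walk the forwarding path src -> dst and name the consequence it shows."""
    best = shortest_hops(links, src, dst)
    if best is None:
        return "disconnected"          # genuinely partitioned, nothing to flag
    node, hops, visited = src, 0, {src}
    while node != dst:
        nxt = next_hop.get(node)
        if nxt is None or nxt not in links[node]:
            # No usable route: at the source it is a cut, in transit a starvation.
            return "cut" if node == src else "starvation"
        if nxt in visited:
            return "looping"
        visited.add(nxt)
        node, hops = nxt, hops + 1
    return "delay" if hops > best else "ok"   # assumption: inferior = more hops

def audit(src="A", dst="E"):
    """Classify every constructed snapshot for traffic from src to dst."""
    return {name: classify(LINKS, fib, src, dst) for name, fib in SNAPSHOTS.items()}

if __name__ == "__main__":
    print(audit())
```
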

A.3.3 DISRUPTING NETWORK MANAGEMENT.

The threats described in the previous subsection directly affect network functions other than routing. For example, the network management subsystem within that AS may be rendered ineffective (and inoperable) simply because the mechanisms for identifying or resolving the resulting network problems that were created by a compromised router have been subverted. That is, network management is dependent upon the viability of the underlying routing system. For example, if the audit records of a compromised router have been modified to erase the attacker’s presence, the network manager will have a reduced basis for network fault management since he (or she) would be unable to identify which system was the corrupted one. This is particularly the case within mobile wireless networks, where network performance may be