P1 Security will be presenting at the HITBSecConf on Attacking The GPRS Roaming eXchange (GRX).
In this presentation, we’ll see how GRX/GPRS infrastructure is protected and how it can be attacked. We’ll discover the issues with specific telco equipment inside GRX, namely GGSN and SGSN but also now PDN Gateways in LTE and LTE Advanced “Evolved Packet Core”. We will see the implications of this with GTP protocol, DNS infrastructure, AAA servers and core network technologies such as MPLS, IPsec VPNs and their associated routing protocols. These network elements were rarely evaluated for security, and during our engagements with vulnerability analysis, we’ve seen several vulnerabilities that we will be showing in this speech.
We will demo some of the attacks on a simulated “PS Domain” network, that is the IP part of the Telecom Core Network that transports customers’ traffic, and investigate its relationships with legacy SS7, SIGTRAN IP backbones, M2M private corporate VPNs and telecom billing systems. We will also seem how automation enable us to succeed at attacks which are hard to perform and will show how a “sentinel” attack was able to compromise a telecom Core Network during one penetration test.
P1 Security will be presenting a conference at Hack.lu 2011 on Denial of Services in Telecom operators and infrastructures, Banks and Internet Applications. We’ll present real world example and new techniques of how DoS is conducted in 2011. This is not about DDoS, botnet and zombies. We will focus on new attacks that target Telecom operators, ISPs, Banks and important applications. Sadly there are many simple ways to take down telecom, banking and internet infrastructure. We will present some generalized approach to these new form of Denial of Service and tools / examples. There will be notably some example of Denial of Service in NGN, LTE Advanced as well as in legacy SS7. Some demo and examples of our QuantSS7 tools will be presented as well as demo of PTA for Availability.
P1 Security Telecom Auditor (PTA) just got a new network mapping visualization technology. This enables better visualization of network topologies according to either the 3-8-3 address formatting or the 5-4-5 formatting. You get instant understanding of the network planning and topology, directly from the generated network maps during the audit.
The main problem with SS7 networks is that many different vendor provided the equipments, systems and network elements that constitute the network; many consultants deployed these with their own way of configuring systems and as a result, nobody has a clear view of the resulting SS7 network. PTA helps keeping a clear view on what is going on in the SS7 network.
This technology is available in PTA for all current users and for commercial licensing as OEM provider for software vendors. Contact us for more information.
How many times did you use ipcalc in a pentest? Now you have the same thing for SS7 networking: ss7calc. Check our Tools page for our fresh project just released on Github.
This utility was created due to the high number of SS7 point codes conversions we had to do during the last SS7 Core Network audit. Online converters are nice but definitely lack scripting-friendliness. Now we share it with the community.
