2011/9/8 Atıf CEYLAN <[email protected]>: > Merhabalar, > son zamanlarda neredeyse kesintisiz ddos aliyoruz. Ancak ilgimi ceken bir > konu var. Saldirganlardan bir bolumunu, GSM operatorlarinin /16 networkleri > icindeki yuzlerce ip adresleri olusturuyor. gsm operatorleri ip adreslerini > neye gore dagitiyorlar? Elimdeki bilgi, birbirlerine yakin bolgedeki > saldirganlari mi verir? (cografi veritabanlarindan malesef sadece > sehirlerine ulasabiliyorum.)
Hello Atıf Firstly, I apologize for responding in English.. If you think you are receiving malicious traffic from a Kirmizi GSM operator, please contact me privately and I will see if I can help you.. To answer your question, GSM "packet" networks are managed by one or more access servers called a GGSN (See http://code.peternixon.net/packetdata/wiki/GGSN ) which are quite similar to the BRAS run by DSL operators, although GGSNs obviously have extra GSM specific intelligence. Operators usually have only a few GGSNs for a country like Turkey (less than 20) which means that each GGSN typically has several hundred thousand active sessions and therefore serves several /16 IP blocks. This means that under normal circumstances all subscribers on the same /16 IP block will be from the same region or city, but from an IP perspective the exact location on the radio network is unimportant and a subscriber from Izmit may have an IP address next to a subscriber from Gunesli. It is even possible for a subscriber from Ankara to drive to Istanbul and still be connected to the Ankara GGSN and there using an IP from the Ankara IP pool, and access the internet via the Ankara internet router... I hope this helps explain things Regads -- Peter Nixon http://peternixon.net/ "Normal people believe that if it ain't broke, don't fix it. Engineers believe that if it ain't broke, it doesn't have enough features yet" Scott Adams _______________________________________________ Linux-guvenlik mailing list [email protected] https://liste.linux.org.tr/mailman/listinfo/linux-guvenlik Liste kurallari: http://liste.linux.org.tr/kurallar.php
