Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

Fri, May 17, 2024 at 12:01:14PM -0400, Sean Donelan: > > The FCC's job isn't to solve technical problems. > > Instead it is attempting to get CEOs, business managers and venture capital > firms to include these public policy requirements as part of their business > decision making. Impact

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On 5/18/24 9:25 PM, Jason Baugher wrote: As much as most of us would like to be 100% SIP, it's the big guys holding us back with legacy TDM networks and lata tandems. --- While not a Big Guy, Hawaiian Telcom is actively removing all

RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

John Levine said: > It appears that Brandon Martin said: >>I think the issue with their lack of effectiveness on spam calls is due >>to the comparatively small number of players in the PSTN (speaking of >>both classic TDM and modern IP voice-carrying and signaling networks) >>world allowing lots

RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On Thursday, May 16, 2024 6:18 PM, Brandon Martin wrote: > On 5/16/24 16:05, Josh Luthman wrote: >> The FCC has spent the last several years hounding us voice providers >> over spam calls. They've implemented laws. They have required us to >> do paperwork. Have they been successful in that

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today Keep mind rpki only solves misorigination. > I'm very well aware that RPKI only solves misorigination. But misorigination is a significant problem, so that's a good problem to be solved.

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On Fri, May 17, 2024 at 4:20 PM Tom Beecher wrote: > RPKI is not a good solution for all networks, especially those that are >> non-transit in nature and take reasonable mitigation actions like IRR >> prefix lists. >> > > Some of the largest , most impactful route leaks have come from >

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

> > RPKI is not a good solution for all networks, especially those that are > non-transit in nature and take reasonable mitigation actions like IRR > prefix lists. > Some of the largest , most impactful route leaks have come from non-transit networks reliant on IRR managed prefix lists. On Fri,

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On Fri, May 17, 2024 at 2:02 PM Sean Donelan wrote: > > Sigh, industry hasn't solved spoofing and routing insecurity in two > decades. If it was easy, everyone would have fixed it by now. > > Industry has been saying 'don't regulate us' for decades. I hope the regulations are more outcome

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

The FCC's job isn't to solve technical problems. Instead it is attempting to get CEOs, business managers and venture capital firms to include these public policy requirements as part of their business decision making. Impact business budgets and decision making to fix public problems.

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > -- > *From: *"Job Snijders via NANOG" > *To: *"Josh Luthman" > *Cc: *"NANOG [nanog@nanog.org]" > *Sent: *Thursday, May 16, 2024 3:

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

- Original Message - From: "Job Snijders via NANOG" To: "Josh Luthman" Cc: "NANOG [nanog@nanog.org]" Sent: Thursday, May 16, 2024 3:20:54 PM Subject: Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities On Thu, May 16, 2024 at 04:05:21PM -0400,

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

Sigh, industry hasn't solved spoofing and routing insecurity in two decades. If it was easy, everyone would have fixed it by now. Industry has been saying 'don't regulate us' for decades.

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On 5/16/24 21:53, Brandon Zhi wrote: Are APNs like a vpn for mobile devices to access the public internet? Based on the experience that I used Mobile roaming outside my country. The provider would connect back to the original country via local providers. When roaming, the home mobile

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On 5/16/24 6:55 PM, John Levine wrote: It appears that Brandon Martin said: I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks)

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

It appears that Brandon Martin said: >I think the issue with their lack of effectiveness on spam calls is due >to the comparatively small number of players in the PSTN (speaking of >both classic TDM and modern IP voice-carrying and signaling networks) >world allowing lots of regulatory

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On 5/16/24 4:17 PM, Brandon Martin wrote: I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world allowing lots of regulatory

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On Thu, May 16, 2024 at 07:17:37PM -0400, Brandon Martin wrote: > I suspect that's why we've had some success with getting BGP security > not just addressed in guidance but actually practically improved. Ben Cartwright-Cox's axiom (paraphrased): "The real reason the Internet works is that we want

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On 5/16/24 16:05, Josh Luthman wrote: The FCC has spent the last several years hounding us voice providers over spam calls.  They've implemented laws.  They have required us to do paperwork.  Have they been successful in that task? Now do you think they're going to properly understand what an

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

So the FCC is efficient enough to understand BGP vulnerabilities but not efficient enough to understand what a spam call is? On Thu, May 16, 2024 at 4:20 PM Job Snijders wrote: > On Thu, May 16, 2024 at 04:05:21PM -0400, Josh Luthman wrote: > > Now do you think they're going to properly

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

On Thu, May 16, 2024 at 04:05:21PM -0400, Josh Luthman wrote: > Now do you think they're going to properly understand what an SS7 or > vulnerability is? The FCC organised several sessions (private and public) where they invited knowledgeable people from this community to help edifice them on what

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

The FCC has spent the last several years hounding us voice providers over spam calls. They've implemented laws. They have required us to do paperwork. Have they been successful in that task? Now do you think they're going to properly understand what an SS7 or vulnerability is? On Thu, May 16,

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

Are APNs like a vpn for mobile devices to access the public internet? Based on the experience that I used Mobile roaming outside my country. The provider would connect back to the original country via local providers. *Brandon Zhi* HUIZE LTD www.huize.asia | www.ixp.su |

Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

Should FCC focus on SS7 vulnerabilities or BGP vulnerabilities? https://www.404media.co/email/79f7367c-bd3c-4bff-ac9f-85c738d08bec/ https://www.fcc.gov/ecfs/document/10427582404839/1 Additional comments from Kevin Briggs: "I have seen what appears to be reliable information related to