Re: [VoiceOps] SS7

2016-04-21 Thread Kidd Filby
I purposely didn't even start down that road.  But, Yes, they most
certainly could, and for the most part would be easier.  All of the same
info rides the SigTran deployment as an SS7 A/E/F-Link, plus possibly
more depending on what type of messaging you're talking about.
However, it also lacks voice content, like the SS7 network.

Kidd

On Thu, Apr 21, 2016 at 4:27 PM, Jared Geiger  wrote:

> I haven't used SS7 in the voice world, only touched briefly on the
> messaging side of it. Would hackers be able to do the same similar attack
> via SIGTRAN? I would think it would be easier to get access to a poorly
> managed SIGTRAN device which would then give you SS7 access.
>
> Or even an Asterisk box running SS7 trunks.
>
> On Thu, Apr 21, 2016 at 1:00 PM, Dan York  wrote:
>
>> Joseph,
>>
>> I noticed that in Gmail (and perhaps other email systems), the longer
>> reply I wrote for Kidd was hidden because it appeared after his text.
>> Here's what I wrote...
>>
>> what's fascinating is the recent rise in end-to-end (e2e) encryption
>> among IP-based communications platforms that include voice.
>>
>> WhatsApp, for instance, just completed the rollout of e2e encryption on
>> April 5, and not just for messaging, but also for voice and video calls as
>> well as file transfers (
>> https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just
>> yesterday the team behind Viber announced that they will soon have e2e
>> encryption for all clients.  The app Wire ( http://wire.com ) also does
>> e2e encryption for voice, video and group chats.
>>
>> In a US Congress hearing this week, a Congressman asked a Dept of
>> Homeland Security representative if e2e encryption available in apps would
>> have prevented this interception that happened via SS7. The DHS answer was
>> that it would mitigate the interception of the content, although the
>> location meta-data would still be available.  (You can view the exchange
>> via the link in this tweet:
>> https://twitter.com/csoghoian/status/722854012567969794 )
>>
>> The end result is that we're definitely moving to a space where the
>> communication over IP-based solutions will wind up being far more secure
>> than what we had before.
>>
>> Interesting times,
>> Dan
>>
>> On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson wrote:
>>
>>> I don’t know many places that encrypt their voice traffic.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org] *On Behalf Of *Dan
>>> York
>>> *Sent:* Thursday, April 21, 2016 2:45 PM
>>> *To:* Kidd Filby
>>> *Cc:* voiceops@voiceops.org
>>> *Subject:* Re: [VoiceOps] SS7
>>>
>>>
>>>
>>> This is generally true if the calls are *unencrypted* on VoIP...
>>>
>>>
>>>
>>> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby  wrote:
>>>
>>>
>>>
>>> Also folks, don't forget, the same outcome of recording someone's call
>>> is MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>>>
>>>
>>>
>>> ... BUT... what's fascinating is the recent rise in end-to-end (e2e)
>>> encryption among IP-based communications platforms that include voice.
>>>
>>>
>>>
>>> WhatsApp, for instance, just completed the rollout of e2e encryption on
>>> April 5, and not just for messaging, but also for voice and video calls as
>>> well as file transfers (
>>> https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just
>>> yesterday the team behind Viber announced that they will soon have e2e
>>> encryption for all clients.  The app Wire ( http://wire.com ) also does
>>> e2e encryption for voice, video and group chats.
>>>
>>>
>>>
>>> In a US Congress hearing this week, a Congressman asked a Dept of
>>> Homeland Security representative if e2e encryption available in apps would
>>> have prevented this interception that happened via SS7. The DHS answer was
>>> that it would mitigate the interception of the content, although the
>>> location meta-data would still be available.  (You can view the exchange
>>> via the link in this tweet:
>>> https://twitter.com/csoghoian/status/722854012567969794 )
>>>
>>>
>>>
>>> The end result is that we're definitely moving to a space where the
>>> communication over IP-based solutions will wind up being far more secure
>>> than what we had before.
>>>
>>>
>>>
>>> Interesting times,
>>>
>>> Dan
>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> Dan York
>>>
>>> dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
>>>
>>> My writing -> http://www.danyork.me/
>>>
>>> http://www.danyork.com/
>>>
>>> http://twitter.com/danyork
>>>
>>
>>
>>
>> --
>>
>> Dan York
>> dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
>> My writing -> http://www.danyork.me/
>> http://www.danyork.com/
>> http://twitter.com/danyork
>>
>> ___
>> VoiceOps mailing list
>> VoiceOps@voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>>
>

Re: [VoiceOps] SS7

2016-04-21 Thread Jared Geiger
I haven't used SS7 in the voice world, only touched briefly on the
messaging side of it. Would hackers be able to do the same similar attack
via SIGTRAN? I would think it would be easier to get access to a poorly
managed SIGTRAN device which would then give you SS7 access.

Or even an Asterisk box running SS7 trunks.

On Thu, Apr 21, 2016 at 1:00 PM, Dan York  wrote:

> Joseph,
>
> I noticed that in Gmail (and perhaps other email systems), the longer
> reply I wrote for Kidd was hidden because it appeared after his text.
> Here's what I wrote...
>
> what's fascinating is the recent rise in end-to-end (e2e) encryption among
> IP-based communications platforms that include voice.
>
> WhatsApp, for instance, just completed the rollout of e2e encryption on
> April 5, and not just for messaging, but also for voice and video calls as
> well as file transfers (
> https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just
> yesterday the team behind Viber announced that they will soon have e2e
> encryption for all clients.  The app Wire ( http://wire.com ) also does
> e2e encryption for voice, video and group chats.
>
> In a US Congress hearing this week, a Congressman asked a Dept of Homeland
> Security representative if e2e encryption available in apps would have
> prevented this interception that happened via SS7. The DHS answer was that
> it would mitigate the interception of the content, although the location
> meta-data would still be available.  (You can view the exchange via the
> link in this tweet:
> https://twitter.com/csoghoian/status/722854012567969794 )
>
> The end result is that we're definitely moving to a space where the
> communication over IP-based solutions will wind up being far more secure
> than what we had before.
>
> Interesting times,
> Dan
>
> On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson 
> wrote:
>
>> I don’t know many places that encrypt their voice traffic.
>>
>>
>>
>>
>>
>>
>>
>> *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org] *On Behalf Of *Dan
>> York
>> *Sent:* Thursday, April 21, 2016 2:45 PM
>> *To:* Kidd Filby
>> *Cc:* voiceops@voiceops.org
>> *Subject:* Re: [VoiceOps] SS7
>>
>>
>>
>> This is generally true if the calls are *unencrypted* on VoIP...
>>
>>
>>
>> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby  wrote:
>>
>>
>>
>> Also folks, don't forget, the same outcome of recording someone's call is
>> MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>>
>>
>>
>> ... BUT... what's fascinating is the recent rise in end-to-end (e2e)
>> encryption among IP-based communications platforms that include voice.
>>
>>
>>
>> WhatsApp, for instance, just completed the rollout of e2e encryption on
>> April 5, and not just for messaging, but also for voice and video calls as
>> well as file transfers (
>> https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just
>> yesterday the team behind Viber announced that they will soon have e2e
>> encryption for all clients.  The app Wire ( http://wire.com ) also does
>> e2e encryption for voice, video and group chats.
>>
>>
>>
>> In a US Congress hearing this week, a Congressman asked a Dept of
>> Homeland Security representative if e2e encryption available in apps would
>> have prevented this interception that happened via SS7. The DHS answer was
>> that it would mitigate the interception of the content, although the
>> location meta-data would still be available.  (You can view the exchange
>> via the link in this tweet:
>> https://twitter.com/csoghoian/status/722854012567969794 )
>>
>>
>>
>> The end result is that we're definitely moving to a space where the
>> communication over IP-based solutions will wind up being far more secure
>> than what we had before.
>>
>>
>>
>> Interesting times,
>>
>> Dan
>>
>>
>>
>> --
>>
>>
>>
>> Dan York
>>
>> dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
>>
>> My writing -> http://www.danyork.me/
>>
>> http://www.danyork.com/
>>
>> http://twitter.com/danyork
>>
>
>
>
> --
>
> Dan York
> dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
> My writing -> http://www.danyork.me/
> http://www.danyork.com/
> http://twitter.com/danyork
>


Re: [VoiceOps] SS7

2016-04-21 Thread Dan York
Joseph,

I noticed that in Gmail (and perhaps other email systems), the longer reply
I wrote for Kidd was hidden because it appeared after his text.  Here's
what I wrote...

what's fascinating is the recent rise in end-to-end (e2e) encryption among
IP-based communications platforms that include voice.

WhatsApp, for instance, just completed the rollout of e2e encryption on
April 5, and not just for messaging, but also for voice and video calls as
well as file transfers (
https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just yesterday
the team behind Viber announced that they will soon have e2e encryption for
all clients.  The app Wire ( http://wire.com ) also does e2e encryption for
voice, video and group chats.

In a US Congress hearing this week, a Congressman asked a Dept of Homeland
Security representative if e2e encryption available in apps would have
prevented this interception that happened via SS7. The DHS answer was that
it would mitigate the interception of the content, although the location
meta-data would still be available.  (You can view the exchange via the
link in this tweet: https://twitter.com/csoghoian/status/722854012567969794
)

The end result is that we're definitely moving to a space where the
communication over IP-based solutions will wind up being far more secure
than what we had before.

Interesting times,
Dan

On Thu, Apr 21, 2016 at 3:45 PM, Joseph Jackson 
wrote:

> I don’t know many places that encrypt their voice traffic.
>
>
>
>
>
>
>
> *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org] *On Behalf Of *Dan
> York
> *Sent:* Thursday, April 21, 2016 2:45 PM
> *To:* Kidd Filby
> *Cc:* voiceops@voiceops.org
> *Subject:* Re: [VoiceOps] SS7
>
>
>
> This is generally true if the calls are *unencrypted* on VoIP...
>
>
>
> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby  wrote:
>
>
>
> Also folks, don't forget, the same outcome of recording someone's call is
> MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>
>
>
> ... BUT... what's fascinating is the recent rise in end-to-end (e2e)
> encryption among IP-based communications platforms that include voice.
>
>
>
> WhatsApp, for instance, just completed the rollout of e2e encryption on
> April 5, and not just for messaging, but also for voice and video calls as
> well as file transfers (
> https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just
> yesterday the team behind Viber announced that they will soon have e2e
> encryption for all clients.  The app Wire ( http://wire.com ) also does
> e2e encryption for voice, video and group chats.
>
>
>
> In a US Congress hearing this week, a Congressman asked a Dept of Homeland
> Security representative if e2e encryption available in apps would have
> prevented this interception that happened via SS7. The DHS answer was that
> it would mitigate the interception of the content, although the location
> meta-data would still be available.  (You can view the exchange via the
> link in this tweet:
> https://twitter.com/csoghoian/status/722854012567969794 )
>
>
>
> The end result is that we're definitely moving to a space where the
> communication over IP-based solutions will wind up being far more secure
> than what we had before.
>
>
>
> Interesting times,
>
> Dan
>
>
>
> --
>
>
>
> Dan York
>
> dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
>
> My writing -> http://www.danyork.me/
>
> http://www.danyork.com/
>
> http://twitter.com/danyork
>



-- 

Dan York
dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
My writing -> http://www.danyork.me/
http://www.danyork.com/
http://twitter.com/danyork


Re: [VoiceOps] SS7

2016-04-21 Thread Joseph Jackson
I don’t know many places that encrypt their voice traffic.



From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Dan York
Sent: Thursday, April 21, 2016 2:45 PM
To: Kidd Filby
Cc: voiceops@voiceops.org
Subject: Re: [VoiceOps] SS7

This is generally true if the calls are *unencrypted* on VoIP...

On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby wrote:

Also folks, don't forget, the same outcome of recording someone's call is MUCH 
easier to accomplish once it is VoIP.  IMHO, of course.  ;-)

... BUT... what's fascinating is the recent rise in end-to-end (e2e) encryption 
among IP-based communications platforms that include voice.

WhatsApp, for instance, just completed the rollout of e2e encryption on April 
5, and not just for messaging, but also for voice and video calls as well as 
file transfers ( https://blog.whatsapp.com/1618/end-to-end-encryption ).  
Just yesterday the team behind Viber announced that they will soon have e2e 
encryption for all clients.  The app Wire ( http://wire.com ) also does e2e 
encryption for voice, video and group chats.

In a US Congress hearing this week, a Congressman asked a Dept of Homeland 
Security representative if e2e encryption available in apps would have 
prevented this interception that happened via SS7. The DHS answer was that it 
would mitigate the interception of the content, although the location meta-data 
would still be available.  (You can view the exchange via the link in this 
tweet: https://twitter.com/csoghoian/status/722854012567969794 )

The end result is that we're definitely moving to a space where the 
communication over IP-based solutions will wind up being far more secure than 
what we had before.

Interesting times,
Dan

--

Dan York
dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
My writing -> http://www.danyork.me/
http://www.danyork.com/
http://twitter.com/danyork


Re: [VoiceOps] SS7

2016-04-21 Thread Dan York
This is generally true if the calls are *unencrypted* on VoIP...

On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby  wrote:

>
> Also folks, don't forget, the same outcome of recording someone's call is
> MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>

... BUT... what's fascinating is the recent rise in end-to-end (e2e)
encryption among IP-based communications platforms that include voice.

WhatsApp, for instance, just completed the rollout of e2e encryption on
April 5, and not just for messaging, but also for voice and video calls as
well as file transfers (
https://blog.whatsapp.com/1618/end-to-end-encryption ).  Just yesterday
the team behind Viber announced that they will soon have e2e encryption for
all clients.  The app Wire ( http://wire.com ) also does e2e encryption for
voice, video and group chats.

In a US Congress hearing this week, a Congressman asked a Dept of Homeland
Security representative if e2e encryption available in apps would have
prevented this interception that happened via SS7. The DHS answer was that
it would mitigate the interception of the content, although the location
meta-data would still be available.  (You can view the exchange via the
link in this tweet: https://twitter.com/csoghoian/status/722854012567969794
)

The end result is that we're definitely moving to a space where the
communication over IP-based solutions will wind up being far more secure
than what we had before.

Interesting times,
Dan

-- 

Dan York
dy...@lodestar2.com  +1-802-735-1624   Skype:danyork
My writing -> http://www.danyork.me/
http://www.danyork.com/
http://twitter.com/danyork


Re: [VoiceOps] SS7

2016-04-21 Thread Peter E
It's been a decade since I've touched SS7, and I barely remember what I had for 
breakfast, so it's like it's all new to me again.

From what I read, it sounds like there may be a "proxy" function that can be 
injected which would bring both endpoints back to you so you can record both 
legs. The 60 Minutes piece shows exactly that. And, while it was done in 
seconds for TV, we all know there was a lot of prep work required ahead of time 
to make it that simple.

Question, though: does the proliferation of SMS gateway services open a 
security risk since they may be bridging IP to SS7?

On Apr 21, 2016, at 14:13, Paul Timmins  wrote:

You could do it by saying "hey, this handset is roaming on me" then directing 
the call back to the handset in question, I figure. It would be inbound 
only intercept, but I could see that working.

-Paul

> On 04/21/2016 02:12 PM, Matthew Yaklin wrote:
> 
> The part I was curious about and perhaps someone can clarify who has more 
> knowledge than I is...
> 
> 
> It appears in order to record calls the attacker has to be in very close 
> proximity to the target. Like radio/tower range.
> 
> You cannot record a conversation half way across the world.
> 
> 
> Matt
> 
> 
> 
>
> From: VoiceOps  on behalf of Matthew Yaklin 
> 
> Sent: Thursday, April 21, 2016 2:09 PM
> To: Kidd Filby; Chris Aloi
> Cc: voiceops@voiceops.org
> Subject: Re: [VoiceOps] SS7
>  
> 
> Here is a paper that may shed some light on the discussion for the curious.
> 
> 
> https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225
> 
> SANS Institute InfoSec Reading Room (www.sans.org): The Fall of SS7 - How
> Can the Critical Security Controls Help?
> 
> 
> 
> 
>  
> From: Kidd Filby 
> Sent: Thursday, April 21, 2016 2:01 PM
> To: Chris Aloi
> Cc: Matthew Yaklin; voiceops@voiceops.org
> Subject: Re: [VoiceOps] SS7
>  
> In a strictly TDM world, or conversation... having access to the SS7 network 
> gets you nothing but what and where the call traversed.  NO audio is carried 
> and without End Office controlling software for call routing, just dropping 
> it into some IP connection is not going to afford you anything other than 
> what you already have.  You still need access to the audio carrying 
> infrastructure of the network to get the audio.
> 
> I cannot comment on CALEA
> 
> Kidd
> 
>> On Thu, Apr 21, 2016 at 10:56 AM, Chris Aloi  wrote:
>> It looked like they had access to SS7 links 
>> (likely A links terminated to a physical server) and were using FreeSWITCH 
>> to somehow fork the media from the call and record it.  Just a guess based 
>> on  the quick console recording. 
>> 
>> Correct, SS7 doesn't carry the actual voice it 
>> handles the signaling to bring up the voice channels (by identifying be 
>> point code and CICs) and various other signaling bits.  Not sure if there 
>> are provisions for CALEA in SS7 that could fork a media stream or exactly 
>> how that would work.
>> 
>> So I guess the barrier to entry would be access to the SS7 network, not as 
>> easy as hopping on the Internet, but certainly not much of a challenge. 
>> 
>> ---
>> Christopher Aloi
>> Sent from my iPhone
>> 
>> On Apr 21, 2016, at 11:52 AM, Kidd Filby  wrote:
>> 
>>> There is no VOICE traversing the SS7 network, so you cannot possibly record 
>>> a conversation by having access to the SS7 network only.
>>> 
>>>> On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin wrote:
>>>>
>>>> In other words the hacker has to have working SS7 trunks or access to 
>>>> someone who does? That is how I understood it.
>>>>
>>>> Not exactly a remote hack from mom's basement sort of thing.
>>>>
>>>> Matt
>>>>
>>>> From: VoiceOps on behalf of Peter Rad.
>>>> Sent: Thursday, April 21, 2016 11:25 AM
>>>> To: voiceops@voiceops.org
>>>> Subject: [VoiceOps] SS7
>>>>
>>>> FYI...
>>>>
>>>> U.S. carriers mum on 60 Minutes report on vulnerability in SS7 -
>>>> http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19
>>>>
>>>> Regards,
>>>>
>>>> Peter Radizeski
>>>> RAD-INFO, Inc.
>>>> 813.963.5884
>>>> http://rad-info.net
>>>> * Need bandwidth or colocation? call me

Re: [VoiceOps] SS7

2016-04-21 Thread Paul Timmins
You could do it by saying "hey, this handset is roaming on me" then 
directing the call back to the handset in question, I figure. It would 
be inbound only intercept, but I could see that working.


-Paul

On 04/21/2016 02:12 PM, Matthew Yaklin wrote:



The part I was curious about and perhaps someone can clarify who has 
more knowledge than I is...



It appears in order to record calls the attacker has to be in very 
close proximity to the target. Like radio/tower range.


You cannot record a conversation half way across the world.


Matt




*From:* VoiceOps  on behalf of Matthew 
Yaklin 

*Sent:* Thursday, April 21, 2016 2:09 PM
*To:* Kidd Filby; Chris Aloi
*Cc:* voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7


Here is a paper that may shed some light on the discussion for the 
curious.



https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225

SANS Institute InfoSec Reading Room (www.sans.org): The Fall of SS7 - How 
Can the Critical Security Controls Help?







*From:* Kidd Filby 
*Sent:* Thursday, April 21, 2016 2:01 PM
*To:* Chris Aloi
*Cc:* Matthew Yaklin; voiceops@voiceops.org
*Subject:* Re: [VoiceOps] SS7
In a strictly TDM world, or conversation... having access to the SS7 
network gets you nothing but what and where the call traversed.  NO 
audio is carried and without End Office controlling software for call 
routing, just dropping it into some IP connection is not going to 
afford you anything other than what you already have.  You still need 
access to the audio carrying infrastructure of the network to get the 
audio.


I cannot comment on CALEA

Kidd

On Thu, Apr 21, 2016 at 10:56 AM, Chris Aloi wrote:


It looked like they had access to SS7 links (likely A links
terminated to a physical server) and were using FreeSWITCH to
somehow fork the media from the call and record it.  Just a guess
based on  the quick console recording.

Correct, SS7 doesn't carry the actual voice it handles the
signaling to bring up the voice channels (by identifying be point
code and CICs) and various other signaling bits.  Not sure if
there are provisions for CALEA in SS7 that could fork a media
stream or exactly how that would work.

So I guess the barrier to entry would be access to the SS7
network, not as easy as hopping on the Internet, but certainly not
much of a challenge.

---
Christopher Aloi
Sent from my iPhone

On Apr 21, 2016, at 11:52 AM, Kidd Filby wrote:


There is no VOICE traversing the SS7 network, so you cannot
possibly record a conversation by having access to the SS7
network only.

On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin wrote:


In other words the hacker has to have working SS7 trunks or
access to someone who does? That is how I understood it.

Not exactly a remote hack from mom's basement sort of thing.

Matt


From: VoiceOps on behalf of Peter Rad.
Sent: Thursday, April 21, 2016 11:25 AM
To: voiceops@voiceops.org 
Subject: [VoiceOps] SS7

FYI...

  U.S. carriers mum on 60 Minutes report on vulnerability in
SS7 -

http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19

Regards,

Peter Radizeski
RAD-INFO, Inc.
813.963.5884 
http://rad-info.net
* Need bandwidth or colocation? call me




-- 
Kidd Filby

661.557.5640  (C)
http://www.linkedin.com/in/kiddfilby





--
Kidd Filby

Re: [VoiceOps] SS7

2016-04-21 Thread Matthew Yaklin

The part I was curious about and perhaps someone can clarify who has more 
knowledge than I is...


It appears in order to record calls the attacker has to be in very close 
proximity to the target. Like radio/tower range.

You cannot record a conversation half way across the world.


Matt



From: VoiceOps  on behalf of Matthew Yaklin 

Sent: Thursday, April 21, 2016 2:09 PM
To: Kidd Filby; Chris Aloi
Cc: voiceops@voiceops.org
Subject: Re: [VoiceOps] SS7



Here is a paper that may shed some light on the discussion for the curious.


https://www.sans.org/reading-room/whitepapers/critical/fall-ss7--critical-security-controls-help-36225

SANS Institute InfoSec Reading Room (www.sans.org): The Fall of SS7 - How 
Can the Critical Security Controls Help?






From: Kidd Filby 
Sent: Thursday, April 21, 2016 2:01 PM
To: Chris Aloi
Cc: Matthew Yaklin; voiceops@voiceops.org
Subject: Re: [VoiceOps] SS7

In a strictly TDM world, or conversation... having access to the SS7 network 
gets you nothing but what and where the call traversed.  NO audio is carried 
and without End Office controlling software for call routing, just dropping it 
into some IP connection is not going to afford you anything other than what you 
already have.  You still need access to the audio carrying infrastructure of 
the network to get the audio.

I cannot comment on CALEA

Kidd

On Thu, Apr 21, 2016 at 10:56 AM, Chris Aloi wrote:
It looked like they had access to SS7 links (likely A links terminated to a 
physical server) and were using FreeSWITCH to somehow fork the media from the 
call and record it.  Just a guess based on  the quick console recording.

Correct, SS7 doesn't carry the actual voice it handles the signaling to bring 
up the voice channels (by identifying be point code and CICs) and various other 
signaling bits.  Not sure if there are provisions for CALEA in SS7 that could 
fork a media stream or exactly how that would work.

So I guess the barrier to entry would be access to the SS7 network, not as easy 
as hopping on the Internet, but certainly not much of a challenge.

---
Christopher Aloi
Sent from my iPhone

On Apr 21, 2016, at 11:52 AM, Kidd Filby wrote:

There is no VOICE traversing the SS7 network, so you cannot possibly record a 
conversation by having access to the SS7 network only.

On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin wrote:

In other words the hacker has to have working SS7 trunks or access to someone 
who does? That is how I understood it.

Not exactly a remote hack from mom's basement sort of thing.

Matt


From: VoiceOps on behalf of Peter Rad.
Sent: Thursday, April 21, 2016 11:25 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] SS7

FYI...

  U.S. carriers mum on 60 Minutes report on vulnerability in SS7 -
http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19

Regards,

Peter Radizeski
RAD-INFO, Inc.
813.963.5884
http://rad-info.net
* Need bandwidth or colocation? call me



--
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby



--
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby


Re: [VoiceOps] Recommendations for high-cps SS7 OC-X gear?

2016-04-21 Thread Brooks Bridges
Thank you to everyone that provided useful suggestions.  I've reached out to a 
couple of recommended vendors that appear to have the solutions I'm looking for.

Brooks Bridges | Sr. Voice Services Engineer
O1 Communications
5190 Golden Foothill Pkwy
El Dorado Hills, CA 95762
office: 916.235.2097 | main: 888.444., Option 2
email: bbrid...@o1.com | web: 
www.o1.com

From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Brooks 
Bridges
Sent: Wednesday, April 20, 2016 2:54 PM
To: voiceops@voiceops.org
Subject: [VoiceOps] Recommendations for high-cps SS7 OC-X gear?

Looking for suggestions for NEBS compliant gear that can support SS7, handle 
OC-3 or higher levels of channels, and can support (in aggregate) up to around 
500 cps through a *good* (key word) SIP interface.  I'm willing to entertain 
the idea of a single larger device that can take a full OC-48 and support the 
full 500 cps, but I'd prefer spread the load across multiple devices and 
smaller interfaces for load balancing and redundancy.

Any pointers?  Obviously there are products out there by the really big 
players, but I'd really rather not have to drop 7 figures on this project 
unless I have to.

Thanks!

Brooks Bridges | Sr. Voice Services Engineer
O1 Communications
5190 Golden Foothill Pkwy
El Dorado Hills, CA 95762
office: 916.235.2097 | main: 888.444., Option 2
email: bbrid...@o1.com | web: 
www.o1.com



Re: [VoiceOps] SS7

2016-04-21 Thread Kidd Filby
There is no VOICE traversing the SS7 network, so you cannot possibly record
a conversation by having access to the SS7 network only.

On Thu, Apr 21, 2016 at 9:36 AM, Matthew Yaklin 
wrote:

>
> In other words the hacker has to have working SS7 trunks or access to
> someone who does? That is how I understood it.
>
> Not exactly a remote hack from mom's basement sort of thing.
>
> Matt
>
> 
> From: VoiceOps  on behalf of Peter Rad. <
> pe...@4isps.com>
> Sent: Thursday, April 21, 2016 11:25 AM
> To: voiceops@voiceops.org
> Subject: [VoiceOps] SS7
>
> FYI...
>
>   U.S. carriers mum on 60 Minutes report on vulnerability in SS7 -
>
> http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19
>
> Regards,
>
> Peter Radizeski
> RAD-INFO, Inc.
> 813.963.5884
> http://rad-info.net
> * Need bandwidth or colocation? call me
>



-- 
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby


Re: [VoiceOps] SS7

2016-04-21 Thread Matthew Yaklin

In other words the hacker has to have working SS7 trunks or access to someone 
who does? That is how I understood it. 

Not exactly a remote hack from mom's basement sort of thing.

Matt


From: VoiceOps  on behalf of Peter Rad. 

Sent: Thursday, April 21, 2016 11:25 AM
To: voiceops@voiceops.org
Subject: [VoiceOps] SS7

FYI...

  U.S. carriers mum on 60 Minutes report on vulnerability in SS7 -
http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19

Regards,

Peter Radizeski
RAD-INFO, Inc.
813.963.5884
http://rad-info.net
* Need bandwidth or colocation? call me


[VoiceOps] SS7

2016-04-21 Thread Peter Rad.

FYI...

 U.S. carriers mum on 60 Minutes report on vulnerability in SS7 -
http://www.fiercewireless.com/story/us-carriers-mum-60-minutes-report-vulnerability-ss7/2016-04-19

Regards,

Peter Radizeski
RAD-INFO, Inc.
813.963.5884
http://rad-info.net
* Need bandwidth or colocation? call me


Re: [VoiceOps] Recommendations for high-cps SS7 OC-X gear?

2016-04-21 Thread Anthony Orlando via VoiceOps
When was that?  1999?

Sent from my iPhone

> On Apr 20, 2016, at 10:41 PM, Alex Balashov  wrote:
> 
> Having seen GSXs knocked over with 100-200 CPS, I'd be inclined to even 
> question that, though I don't doubt Sonus and friends make a big enough box 
> for those walking in with a lottery winner-sized novelty check.
> 
> --
> Alex Balashov | Principal | Evariste Systems LLC
> 1447 Peachtree Street NE, Suite 700
> Atlanta, GA 30309
> United States
> 
> Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> 
> Sent from my BlackBerry.
>   Original Message  
> From: Paul Timmins
> Sent: Wednesday, April 20, 2016 23:36
> To: Brooks Bridges
> Cc: voiceops@voiceops.org
> Subject: Re: [VoiceOps] Recommendations for high-cps SS7 OC-X gear?
> 


Re: [VoiceOps] Recommendations for high-cps SS7 OC-X gear?

2016-04-21 Thread Anthony Orlando via VoiceOps
Avoid Meta at all cost. 

Sent from my iPhone

> On Apr 20, 2016, at 10:35 PM, Paul Timmins  wrote:
> 
> You're going to handle 500CPS of legacy sonet based TDM and question dropping 
> 7 figures on the solution? *cringes*
> 
> This is literally what platforms like metaswitch, sonus and many others are 
> made for. If you're looking for low cost, Taqua's solution is decent, and if 
> you need to take that entire OC-48, you're all but eyeballs deep in Sonus or 
> Metaswitch land.
> 
> -Paul
> 
>> On Apr 20, 2016, at 17:54, Brooks Bridges  wrote:
>> 
>> Looking for suggestions for NEBS compliant gear that can support SS7, handle 
>> OC-3 or higher levels of channels, and can support (in aggregate) up to 
>> around 500 cps through a *good* (key word) SIP interface.  I’m willing to 
>> entertain the idea of a single larger device that can take a full OC-48 and 
>> support the full 500 cps, but I’d prefer spread the load across multiple 
>> devices and smaller interfaces for load balancing and redundancy.
>>  
>> Any pointers?  Obviously there are products out there by the really big 
>> players, but I’d really rather not have to drop 7 figures on this project 
>> unless I have to.
>>  
>> Thanks!
>>  
>> Brooks Bridges | Sr. Voice Services Engineer
>> O1 Communications
>> 5190 Golden Foothill Pkwy
>> El Dorado Hills, CA 95762
>> office: 916.235.2097 | main: 888.444., Option 2
>> email: bbrid...@o1.com | web: www.o1.com
>>  