Telecommunications Penetration Testing


rahul choudhary

Oct 7, 2014, 2:30:19 PM
to null-...@googlegroups.com
Hi,

I am interested to know if anyone has performed penetration testing on telecommunication network (2G, 3G, MSC, SMSC ...) nodes.

What tools / testing scenarios can be used to carry out the testing activity?

Any good resources / directions would be useful.

If anyone has performed the testing and can have a word over a call, then kindly provide your contact details as well.


Thanks !!

Javed KHAN

Oct 12, 2014, 7:37:36 AM
to null-...@googlegroups.com
Hi Rahul,

After the 2011 DOT guideline, telecom companies started taking care of the information security of their nodes, but nodes like MSS, BSS, OSS, HLR etc. are still vulnerable to common vulnerabilities.

Telecom devices are not ready for penetration testing; there is still huge scope for hardening, patching and basic security implementation.

As availability of devices is a major concern and they are still not patched or well configured, I advise you to go for hardening before conducting any kind of assessment.

Feel free to contact me back; I have already done PT and hardening for telecom devices for major vendors.

Regards 
Javed Khan 

Abeer Banerjee

Oct 12, 2014, 11:58:07 AM
to null-...@googlegroups.com
Hi Javed,

Could you discuss the test cases which were performed in PT and what was used for PT in terms of hardware/software?

Regards,
Abir


Javed KHAN

Oct 13, 2014, 7:47:04 AM
to null-...@googlegroups.com
The 3rd Generation Partnership Project (3GPP) publishes a number of documents from Phase 1 (GSM) to Release 10 (for LTE); you need to dig into them to find relevant data that talks about our domain.
sample links

If you want to test the radio part of telecom, there are very few open source tools:
SCTPscan – SCTP network and port scanner. SCTP is the transport protocol for Telecom Core Network signalling.
pySCTP – SCTP support for Python (C bindings, Python library, tests).
Dialogic Compagnon – Tool to help troubleshooting Dialogic SS7 debug messages.
ss7calc – Calculate and convert SS7 Signaling Point Code (SPC). 
airprobe, SIMtrace, OpenBSC, OsmocomBB, OsmoSGSN, OsmoBTS, OsmoSDR, etc.

P1 TELECOM AUDITOR (PTA), P1 Compliance Configuration (PCC), Security VAS (SVAS) and P1 Telecom Fuzzer (PTF) are paid tools provided by P1 Security, which are good but costly, and which neither Indian telecom companies nor consultancies are ready to pay for.

Although, as per my experience, except for a few vendors like Nokia, major telecom node vendors like Huawei, ZTE and Ericsson use either a Linux/Windows OS or their stripped custom variant as their base OS to host their applications, which can be easily tested using normal N/W PT tools.
 
Regards 
Javed Khan 