Detection Of Signaling System No.7 (Ss7) Attacks, Training Snort-Nids Over Malicious Traffic Patterns From Ss7 Attack Simulator In Wireshark

Abstract

In 1970s, roaming interconnection for cellular networks was designed for a few trusted parties without considering security as a major concern. Today same decades-old SS7 (Signalling System No 7) is a pillar for many roaming interconnections. Walled technology of SS7 has been proven as vulnerable to serious threats due to deregulation, expansion and confluence with IP-based LTE networks. Security researchers have recently demonstrated that vulnerabilities of roaming interconnections are being widely misused for gaining access to the core network. Although, LTE (Long Term Evolution) and Diameter Signaling promised high-speed data roaming and enhanced security over the air to keep abreast with the latest attack vectors, inherent flaws of roaming interconnection are still there. This thesis gives an insight of common attacks on SS7/Sigtran and compares SS7 with its successor Diameter protocol focusing security. It provides analysis of SS7 attack traffic inWireshark (packet capture tool) for malicious patterns to create rules in Snort IDS (Intrusion Detection System) for detection of common attacks