[VoiceOps] SS7

Sat Apr 23 13:15:05 EDT 2016

It is now possible to do it.  I'm not sure when it started but, I know
PB/SBC/ATT in CA. offered me SS7 connectivity many years ago.  I'm pretty
sure all of the Baby Bells now offer the service.  I am sure SNET does as
well.  Now the choice is up to you if you want them to see all of your
PSTN-bound traffic.  The technology still holds true that your SS7 provider
is all or nothing.  You can't have multiple SS7 providers yet.

Kidd

On Fri, Apr 22, 2016 at 7:28 PM, Christopher Aloi <ctaloi at gmail.com> wrote:

> I didn't realize you can now connect to another company without ordering
> the route-set from a third party. How does this work ? I feel old !
>
> On Fri, Apr 22, 2016 at 2:40 PM Kidd Filby <kiddfilby at gmail.com> wrote:
>
>> Very well said Mike.
>>
>> Back In The Day... Interconnection between 2 companies had to occur via a
>> 3rd party, like Illuminet.  Their had to be SS7 gateway providers and
>> that's all they were allowed to do.  Route SS7 traffic between
>> LEC/ILEC/CLEC networks.  Oh... do I remember the pains...
>> Gateway-Screened... CNAM database corruption, LIDB services not
>> provided.... Still makes my head hurt.
>>
>> Kidd
>>
>> On Fri, Apr 22, 2016 at 12:28 PM, Mike Ray, MBA, CNE, CTE <
>> mike at astrocompanies.com> wrote:
>>
>>> It seems to me that this SS7 vulnerability issue is just the latest
>>> result of all of the de-regulation that’s been going on for the past… two
>>> decades or so.  There was a time that you could not buy commercial access
>>> to the SS7 network; to get that access you had to be a real carrier.  Also,
>>> back at that time, inter-company SS7 signalling could only occur on
>>> established, ordered signaling routes where both parties placed an order to
>>> open the route between them.  Therefore, this would not have been possible
>>> back then because the carrier would not have ordered a route to the
>>> hacker’s point code(s) and it therefore would not exist.
>>>
>>>
>>>
>>> If I am a US local carrier in 2001, I have no need to order a signaling
>>> route to a German carrier either so even the hacker having full access to a
>>> German carrier’s network would not compromise my network. (in response to
>>> the nation-state issue)  To get a call to Germany, I signal to the access
>>> tandem or IXC switch I’ve chosen to interconnect with in the US and that
>>> switch signals upstream, etc.
>>>
>>>
>>>
>>> If we were not on this path of de-regulation where whatever makes
>>> commercial sense for one company can open up the whole SS7 network to
>>> un-trusted parties, we likely wouldn’t be here.  At some point, a decision
>>> was made somewhere to allow this loosy-goosy inter-company signaling over
>>> the SS7 network between two point codes that would not, under the original
>>> implementation of SS7, be able to talk to each other in the first place.
>>>
>>>
>>>
>>> If the drumbeat of “solve everything with IP!” continues, I hope that at
>>> least it gets solved by establishing something close to what the VPF was
>>> supposed to be, and not just a general dumping of all voice traffic across
>>> the internet between carriers.  That certainly wouldn’t bode well for
>>> reliability or security.
>>>
>>>
>>>
>>> Mike
>>>
>>>
>>>
>>> Mike Ray, MBA, CNE, CTE
>>>
>>> Astro Companies, LLC
>>>
>>> 11523 Palm Brush Trail #401
>>>
>>> Lakewood Ranch, FL  34202
>>>
>>> DIRECT: call or text 941 600-0207
>>>
>>> http://www.astrocompanies.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* VoiceOps [mailto:voiceops-bounces at voiceops.org] *On Behalf Of *Dan
>>> York
>>> *Sent:* Thursday, April 21, 2016 3:45 PM
>>> *To:* Kidd Filby <kiddfilby at gmail.com>
>>> *Cc:* voiceops at voiceops.org
>>> *Subject:* Re: [VoiceOps] SS7
>>>
>>>
>>>
>>> This is generally true if the calls are *unencrypted* on VoIP...
>>>
>>>
>>>
>>> On Thu, Apr 21, 2016 at 2:20 PM, Kidd Filby <kiddfilby at gmail.com> wrote:
>>>
>>>
>>>
>>> Also folks, don't forget, the same outcome of recording someone's call
>>> is MUCH easier to accomplish once it is VoIP.  IMHO, of course.  ;-)
>>>
>>>
>>>
>>> ... BUT... what's fascinating is the recent rise in end-to-end (e2e)
>>> encryption among IP-based communications platforms that include voice.
>>>
>>>
>>>
>>> WhatsApp, for instance, just completed the rollout of e2e encryption on
>>> April 5, and not just for messaging, but also for voice and video calls as
>>> well as file transfers (
>>> https://blog.whatsapp.com/10000618/end-to-end-encryption ).  Just
>>> yesterday the team behind Viber announced that they will soon have e2e
>>> encryption for all clients.  The app Wire ( http://wire.com ) also does
>>> e2e encryption for voice, video and group chats.
>>>
>>>
>>>
>>> In a US Congress hearing this week, a Congressman asked a Dept of
>>> Homeland Security representative if e2e encryption available in apps would
>>> have prevented this interception that happened via SS7. The DHS answer was
>>> that it would mitigate the interception of the content, although the
>>> location meta-data would still be available.  (You can view the exchange
>>> via the link in this tweet:
>>> https://twitter.com/csoghoian/status/722854012567969794 )
>>>
>>>
>>>
>>> The end result is that we're definitely moving to a space where the
>>> communication over IP-based solutions will wind up being far more secure
>>> than what we had before.
>>>
>>>
>>>
>>> Interesting times,
>>>
>>> Dan
>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> Dan York
>>>
>>> dyork at lodestar2.com  +1-802-735-1624   Skype:danyork
>>>
>>> My writing -> http://www.danyork.me/
>>>
>>> http://www.danyork.com/
>>>
>>> http://twitter.com/danyork
>>>
>>> _______________________________________________
>>> VoiceOps mailing list
>>> VoiceOps at voiceops.org
>>> https://puck.nether.net/mailman/listinfo/voiceops
>>>
>>>
>>
>>
>> --
>> Kidd Filby
>> 661.557.5640 (C)
>> http://www.linkedin.com/in/kiddfilby
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>

-- 
Kidd Filby
661.557.5640 (C)
http://www.linkedin.com/in/kiddfilby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20160423/5c9020e6/attachment.html>