Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GPRS_UMTS

From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Tue, 14 Oct 2008 22:23:47 +0400
Hi!

You can penetrate WAP proxy which is often component of such networks.
Also some providers can have intermediate devices which analyzes http
requests and charge traffic for commercial sites, for example with
content.
This can be the subject of analysis as well.  Attack GGSN - for IP
stack it is an ordinary router. Attack DNS.   Try to send spoofed
packets to your first hop. With wrong firewall settings they can reach
internal operators network.
Try to get technical or opensource mobile and attack PPP stack which
is a part of GPRS protocol.
Very interesting attack - you can try to reach other handsets
connected for example to WAP APN. In that case you will see IP of
devices, not computer which connects as in case ordinary GPRS. In case
you reach mobile devices over IP - there a lot of cases to try. Say
you can try utilize WAP PUSH or even OMA DM over UDP bearer! Or turn
in off by consuming all battery power.
Attack on MMS infrastructure in case you have access to it.


For a pity, I had no ability time to pen test gprs networks, but
google should show some attacks on GPRS and UMTS security.

See:
  http://gpaharenko.livejournal.com/3563.html#cutid1


I'm really interested in pen-testing mobile networks. Please let me
know if you reach some interesting results, and do spent time to share
it with community.

2008/10/14 Rafa <rafa.sgomez () gmail com>:

Hi all!

I am about to begin an audit of a client access to a GPRS / UMTS.
Could someone tell me where to find information about analysis of this
type of network? types of attacks? possible approaches? etc.

Thank you very much in advance!!

--
Rafa Sánchez
http://rafasec.blogspot.com (cc)
--





-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: