Philippe Langlois: SCTPscan - Finding entry points tSS7 Networks & Telecommunication Backbones

"SS7 has been a walled garden for a long time: only big telcwould be interconnected tthe network. Due tderegulation and a push toward all-IP architecture, SS7 is opening up, notably with SIGTRAN (SS7 over IP) and NGN (Next Gen Networks) initiatives.
SCTP is the protocol used tcarry all telecom signalling information on IP according tthe SIGTRAN protocol suite. It's the foundation, as TCP is the foundation for the web and email. SCTP is alsused for high-performance clusters, resources pooling and very high-speed file transfer.
When you discover open SCTP ports, you discover a secret door tthis walled garden. As a walled garden, the internal security of the SS7 network is not as good as one might expect. SCTPscan is a tool tdexactly just that, and is released as open source.
This presentation will explain how SCTPscan manages tscan without being detected by remote application, how discrepancies between RFC and implementation enable us tscan more efficiently and how we manage tscan without even being detect by systems like SANS - Dshield.org. Here we will have a look at INIT packet construction, stealth scanning and a beginning of SCTP fingerprinting.
Then, we gon tdetail upper layer protocols that use SCTP and the potentials of the SIGTRAN protcol suite in term of security. We'll see the M2UA, M3UA, M2PA, IUA which are SIGTRAN-specific protocols, and alsthe more generic SS7 protocols such as ISUP, BICC, BSSAP, TCAP, SCCP and MTP. "
"Philippe Langlois is a founder and Senior Security Consultant for Telecom Security Task Force, a research and consultancy outfit.
He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF).
He founded Qualys in 1999 and led the R&D for this world-leading vulnerability assessment service.
He founded Intrinsec, a pioneering network security company in 1995, as well as Worldnet, France's first public Internet service provider, in 1993.
He has proven expertise in network security, from Internet tless well known networks - X25 and other legacy systems mostly used in banking, travel and finance.
Philippe was alslead designer for Payline, one of the first e-commerce payment gateways on Internet. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop).
Philippe Langlois is a regular contributor of french-speaking security portal vulnerabilite.com. and a writer for ITaudit, the magazine of the International Association of Internal Auditors.
Samples of the missions he has been involved with are Penetration Testing contract on multi-million live users infrastructures such as Telecom operators GSM backbone, due diligence for M&A, security architecture audits, product security analysis and advisory."