From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rjmcmahon@rjmcmahon.com>
Received: from bobcat.rjmcmahon.com (bobcat.rjmcmahon.com [45.33.58.123])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id 697833B29E
 for <nnagain@lists.bufferbloat.net>; Fri, 14 Mar 2025 14:53:29 -0400 (EDT)
Received: from mail-oo1-f51.google.com (mail-oo1-f51.google.com
 [209.85.161.51])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by bobcat.rjmcmahon.com (Postfix) with ESMTPSA id 7472523BF0
 for <nnagain@lists.bufferbloat.net>; Fri, 14 Mar 2025 11:53:28 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bobcat.rjmcmahon.com 7472523BF0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rjmcmahon.com;
 s=bobcat; t=1741978408;
 bh=lF3Yzfa9U3gI0I5EaSQ6PSf55jxF/3VQQxNfO7ZrwWs=;
 h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
 b=ViTyJKA9BvjrIT3/7NxGodHthUpTQTlY0XRTVOpBD9O+I7NNgJymsJRHTzauTh5Oq
 k/K5IUxI2HDED9bpBFcfNZkNOsOkZXVh9jxrXhvrSF8TzAsfYNQi+0DaRYDz3xj4iU
 xUY/qcTQDSBwFawLDiN0eUo/jZdE4q11URAuSgOo=
Received: by mail-oo1-f51.google.com with SMTP id
 006d021491bc7-601a8b6c133so1584318eaf.1
 for <nnagain@lists.bufferbloat.net>; Fri, 14 Mar 2025 11:53:28 -0700 (PDT)
X-Gm-Message-State: AOJu0Yzu/pytRIJ0WQXXTDUC2tul+3GdjK2zsuZuypryaE+vdGcLEP6t
 pCt/89SYDlG2ccwiSguKo76J1pt06wJ7AXF1vfeG2xOU5OQftLK/i/zNiVpQ5c/fRVIw4PtfhZK
 jdSgs90p7MadlZmiweXvrF0ECcCY=
X-Google-Smtp-Source: AGHT+IHl1TgOfLt0EyPkUiWwSdc3qohqb12GaNn8T6sQ0SMdPMMzEr8nCB7+XznpGrrdvlq/1AHw/kA0pzTcnX6Dh6w=
X-Received: by 2002:a05:6808:3507:b0:3f3:fe04:f86 with SMTP id
 5614622812f47-3fdeae4b6c6mr1792845b6e.0.1741978407766; Fri, 14 Mar 2025
 11:53:27 -0700 (PDT)
MIME-Version: 1.0
References: <CAA93jw6z7H5SPRt5VK0zoLFWf2WDeBsLTvpWWwWcL7O_KLukwQ@mail.gmail.com>
 <IA0PR12MB7751F7EF224FEB158C74A0DE8AD32@IA0PR12MB7751.namprd12.prod.outlook.com>
 <CAEBrVk7WoBiq3PBqKtbefHMV1w72h=U_LEbpHU_b-LJm4Pv9-A@mail.gmail.com>
 <CAJUtOOi292ptYOjmfFjzfFG2nuTecGkZ=8V_hoJC5W28UpOsJA@mail.gmail.com>
 <CAEBrVk7QE24O_EfHe-ndsWVLZz5U-DU6D7ejz=o2nMQZ0LvcXQ@mail.gmail.com>
 <CA+aeVP8aV-qzdZnh5yzBHPe7Qd6FnGP=tT_kK5LmA9tE5R=sYw@mail.gmail.com>
 <CAEBrVk5QV5EM6is=2of+cj43XWfUvaoFmSgOvHRE5N4XsW4GxA@mail.gmail.com>
 <CA+aeVP-3kvi2X+BZ5dhyVWDV1jV02yOx=-mkEAGWaMiapQYaOA@mail.gmail.com>
 <55d2836a4fe4c6cf9e2b4d953b62f6c62f0e73c3.camel@tara.sh>
In-Reply-To: <55d2836a4fe4c6cf9e2b4d953b62f6c62f0e73c3.camel@tara.sh>
From: Robert McMahon <rjmcmahon@rjmcmahon.com>
Date: Fri, 14 Mar 2025 11:53:16 -0700
X-Gmail-Original-Message-ID: <CAEBrVk6H61cnRSSdVvO=Fk=41USm93wNXE14ARXE7EPF-x2swA@mail.gmail.com>
X-Gm-Features: AQ5f1Jr6omEcPzU2R-_ao47mW_MZ77ncrxqo8zW4tyOcJigXhLqolHhp3NVYeqM
Message-ID: <CAEBrVk6H61cnRSSdVvO=Fk=41USm93wNXE14ARXE7EPF-x2swA@mail.gmail.com>
To: Tara Stella <tara@tara.sh>
Cc: =?UTF-8?Q?Network_Neutrality_is_back=21_Let=C2=B4s_make_the_technical_asp?=
 =?UTF-8?Q?ects_heard_this_time=21?= <nnagain@lists.bufferbloat.net>, 
 "David Bray, PhD" <david.a.bray@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [NNagain] FCC - delete, delete, delete
X-BeenThere: nnagain@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?=
 <nnagain.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/nnagain>,
 <mailto:nnagain-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/nnagain>
List-Post: <mailto:nnagain@lists.bufferbloat.net>
List-Help: <mailto:nnagain-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/nnagain>,
 <mailto:nnagain-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2025 18:53:29 -0000

> I'm not an expert, but I wonder if the complexity has increased the poten=
tial attacking surface.

I'm not an expert here either - but I do think complexity does
increase the attack service. Breaking up the control and data planes
seems like a good idea to me.

Also, devices like CPUs that run programmable logic are a target
because their logic flows can be hijacked. Hardware solutions for
simple functions like forwarding packets cannot be reprogrammed at the
data plane level, minimizing their attack service.

Moving the control plane(s) into a management domain where security
experts do their work everyday seems a must to me. Pushing this into
consumer premises and adding more and more seems like a disaster in
the making.

https://www.splunk.com/en_us/blog/learn/control-plane-vs-data-plane.html

Bob

On Fri, Mar 14, 2025 at 1:16=E2=80=AFAM Tara Stella <tara@tara.sh> wrote:
>
> On Thu, 2025-03-13 at 22:24 -0400, David Bray, PhD via Nnagain wrote:
>
> Indeed. Yet here on ground SS7 remains vulnerable and exploitable too?
>
>
> I'm working for a big telco in Europe, and I'm just marginally involved i=
n the telco network.
> AFAIK, in our infrastructure, SS7 is a niche in some very old equipment s=
itting somewhere.
> On fixed broadband, we migrated everything over IP, voice is SIP, includi=
ng VAS services, that are somehow fading away as well (IMS still in place f=
or voicemail).
> On 5G Standalone, everything is HTTP on the control plane and GTP encapsu=
lation on the user plane.
>
> I'm not an expert, but I wonder if the complexity has increased the poten=
tial attacking surface.
> Cheers,
> Tara
>