[NNagain] FCC - delete, delete, delete
Robert McMahon
rjmcmahon at rjmcmahon.com
Fri Mar 14 14:53:16 EDT 2025
> I'm not an expert, but I wonder if the complexity has increased the potential attacking surface.
I'm not an expert here either - but I do think complexity does
increase the attack service. Breaking up the control and data planes
seems like a good idea to me.
Also, devices like CPUs that run programmable logic are a target
because their logic flows can be hijacked. Hardware solutions for
simple functions like forwarding packets cannot be reprogrammed at the
data plane level, minimizing their attack service.
Moving the control plane(s) into a management domain where security
experts do their work everyday seems a must to me. Pushing this into
consumer premises and adding more and more seems like a disaster in
the making.
https://www.splunk.com/en_us/blog/learn/control-plane-vs-data-plane.html
Bob
On Fri, Mar 14, 2025 at 1:16 AM Tara Stella <tara at tara.sh> wrote:
>
> On Thu, 2025-03-13 at 22:24 -0400, David Bray, PhD via Nnagain wrote:
>
> Indeed. Yet here on ground SS7 remains vulnerable and exploitable too?
>
>
> I'm working for a big telco in Europe, and I'm just marginally involved in the telco network.
> AFAIK, in our infrastructure, SS7 is a niche in some very old equipment sitting somewhere.
> On fixed broadband, we migrated everything over IP, voice is SIP, including VAS services, that are somehow fading away as well (IMS still in place for voicemail).
> On 5G Standalone, everything is HTTP on the control plane and GTP encapsulation on the user plane.
>
> I'm not an expert, but I wonder if the complexity has increased the potential attacking surface.
> Cheers,
> Tara
>
More information about the Nnagain
mailing list