PDA

View Full Version : Billing bypass and fraud on LTE networks



damage
2017-03-13, 12:33 AM
Hi everyone,
Im new in this forum so this is my first post. Im opening this thread (and correct me if this not the right place) to hear from the expert on this matter what are the actual frauds/billing bypass that are you seeing in the mobile networks.
Actually i know there are some tools that encapsulate TCP traffic over UDP (wich is not chargeable content) and also, there are method to use TXT record in DNS querys to encapsulate HTTP traffic.

Most operators just monitor not chargeable content metrics in order to identify fraud, but there is a automated way to do this? what is your experience?

Thanks

(PD: five me some reputation to be able to download content :-P)

simog72
2017-03-14, 02:23 AM
personally i cant undestand a fills text in DNS query can be routed to an a right destination host ..but i m a newbie !

damage
2017-03-14, 10:51 AM
You can learn about dns tunneling here:

(a) http://resources.infosecinstitute.com/dns-tunnelling/#gref

(b) https://community.infoblox.com/t5/Community-Blog/DNS-Data-Exfiltration-How-it-works/ba-p/3664

This technique is very common on 3G/LTE network to bypass billing controls. despite is _very_ slow to transmit TCP over UDP, the fraud is successfull.


personally i cant undestand a fills text in DNS query can be routed to an a right destination host ..but i m a newbie !

JeffreyDounc
2017-04-18, 06:09 PM
The 1600 in my 309 is a bit slow so Im Going to be putting a 1900 in, now I know the ecu and afm are different but are the dizzy and the injectors the same?