 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion Groups General General TopicsGSMBluetoothProviders AlltelATT WirelessCingularFidoNextelSprint PCST-MobileVerizonManufacturers EricssonNokiaMotorolaCountry Specific Australian GroupUK GroupRelated Topics PocketPCPalmMore Topics ... |
Cellular Phone Forum / Providers / Fido / February 2004IP security with GPRS handsets
From what I have read, the GSM networks generally NAT all GPRS handsets who then appear to have all the same IP address from the internet side of things. This means that a server on the internet cannot know whether requests are comming from different users or all the same user etc. Does anyone know if the GSM network operators have logs of which customer connected to which internet IP address at what time ? Or is it impossible (even with warrant) to trace fraudulent use back to a handset ? Would a web/wap server for instance need to also log the client's port number so that the GSM network could then associate the specific call to a handset ? > From what I have read, the GSM networks generally NAT all GPRS handsets who > then appear to have all the same IP address from the internet side of things. [quoted text clipped - 7 lines] > Would a web/wap server for instance need to also log the client's port number > so that the GSM network could then associate the specific call to a handset ? The GSM network operators, for legal reasons, should maintain logfile data. When I browse the web from my AT&T GSM BlackBerry, the web server log file shows: 209.183.48.49 - - [08/Feb/2004:22:04:39 -0700] "GET / HTTP/1.1" 200 3144 "-" "BlackBerry6710/3.6.0 UP.Link/5.1.1.1a" nslookup of 209.183.48.49 shows: Name: pnupagt08.attwireless.net Address: 209.183.48.49 The web server won't be able to identify the user by the incoming port number. Tracing fraud back to an individual subscriber would require cooperation from the carrier. Will Webmaster: http://www.gsmsecurity.com > When I browse the web from my AT&T GSM BlackBerry, the web server log file > shows: > > 209.183.48.49 - - [08/Feb/2004:22:04:39 -0700] "GET / HTTP/1.1" 200 > 3144 "-" "BlackBerry6710/3.6.0 UP.Link/5.1.1.1a" And when I access from my Fido phone, I get an entry such as: 204.92.15.224 - - [04/Feb/2004:21:32:33 +0000] "GET /index.wml HTTP/1.0" 200 107 1 "" "SIE-M55/09 UP.Browser/6.1.0.5.c.6 (GUI) MMP/1.0" with 204.92.15.224 being aegis.fido.ca However, looking at http headers, I also get HTTP_VIA 1.1 squid.fido.ca:3128 (Squid/2.3.STABLE5) HTTP_X_FORWARDED_FOR 205.151.11.27 According to some of the documentation I have read, the forwarded_for should be the address of the phone with the WAP apn. But I can't reverse nslookup that IP. Since I posted the message, I have found that many WAP gateway (but Microcell's doesn't) provide a X_SUBNO header which has a unique number associated with the subscriber.But if Fido doesn't provide it, I guess it isn't all that standard. In alt.cellular.gsm Will Spencer <will.spencer@gsmsecurity.com> wrote: >> From what I have read, the GSM networks generally NAT all GPRS handsets who >> then appear to have all the same IP address from the internet side of things. >> This means that a server on the internet cannot know whether requests are Is that to say that GSM handsets using GPRS don't have any incoming ports? People won't be able to ssh into my connected laptop? > In alt.cellular.gsm Will Spencer <will.spencer@gsmsecurity.com> wrote: > [quoted text clipped - 4 lines] > Is that to say that GSM handsets using GPRS don't have any incoming > ports? People won't be able to ssh into my connected laptop? If you don't want anyone accessing your crummy laptop, put a firewall on it. If it's connected, it's vulnerable.  Signaturejer email reply - I am not a 'ten' ICQ = 35253273 "All that we do is touched with ocean, yet we remain on the shore of what we know." -- Richard Wilbur Jer wrote:> If you don't want anyone accessing your crummy laptop, put a firewall on > it. If it's connected, it's vulnerable. From what I have read, it depends on the network. If the network uses NAT, there may be no way to connect from the internet to the phone since the NAT router has no idea to which phone an incoming call should be routed. If a network provides dynamic routable IP adresses without using NAT, then yes, you could connect remotely to the handset. But from what I read, most networks use NAT. Some implementations may have smart enough NAT to allow some UDP packets to get back to the phone (for instance to allow a traceroute/ping). > Jer wrote:> If you don't want anyone accessing your crummy laptop, put a > firewall on [quoted text clipped - 11 lines] > Some implementations may have smart enough NAT to allow some UDP packets to > get back to the phone (for instance to allow a traceroute/ping). Yes, what you say is all true, but don't ignore the network administrators, you don't know whether they're angels either. It's your computer, and it's your responsibility to allow or deny what connects to it, not theirs. You don't make risk assessments in terms of what someone says they want to do, nor what you think they want to do. You consider what they CAN do, given opportunity. Any lesser assessment is begging for abuse. A firewall is your friend, not theirs. Signaturejer email reply - I am not a 'ten' ICQ = 35253273 "All that we do is touched with ocean, yet we remain on the shore of what we know." -- Richard Wilbur |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.