Mobile telcos that became "accidental" internet service providers (ISPs) through the rise of mobile broadband are more at risk of Distributed Denial of Service (DDoS) attacks than fixed broadband providers, according to Arbor Networks Asia Pacific solutions architect Roland Dobbins.
Dobbins told the Australian Network Operators Group's fifth annual conference in Sydney today that the TCP/IP side of mobile networks was mostly an afterthought for mobile telcos that found they had become ISPs after the rise of smartphones such as the iPhone. He said that, in order to keep the network secure, a lot of telcos put "stateful" firewalls or devices on their networks. These devices keep an eye on every piece of traffic flowing through the network.
"A lot of the wireless data networks are designed rather like poorly designed enterprise networks, and they've done things like, they stuck stateful firewalls in the middle of these networks. So they put a lot of unnecessary and harmful state into the wireless network."
This creates a potential DDoS point of attack, Dobbins said, allowing a bot to clog up the state table of a firewall and cause it to fall over.
"When it hits the back side of the stateful firewall, the stateful firewall falls over and now you have a big data outage for many, many users who are served by that stateful firewall," he said.
According to Dobbins, the problem was technology-agnostic.
"It's not just GSM technologies, but newer technologies, as well — UMTS, LTE, CDMA; it doesn't really matter."
Dobbins said that stateful devices should not be on mobile networks, because "if you're on the internet, you're always under attack. There's some bot that's always trying to hack in". If carriers did have these devices on their network, however, they needed to take precautions, he said.
"If you operate a mobile wireless network [and] you have stateful firewalls ... you have to protect them. You need to have enough visibility in your network traffic to be able to understand when this malicious harmful traffic is being generated by botted hosts on your wireless network and have the ability to mitigate that traffic, have the ability to potentially quarantine those users," he said.
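The kind of visibility Dobbins describes can be sketched as follows. This is an added example, not code from the talk or from Arbor Networks: it replays constructed flow records, estimates how many firewall state entries each subscriber holds at peak, and lists subscribers that exceed a share of the table. The idle timeout, table capacity, share limit and all addresses are assumptions made for the illustration.

```python
from collections import defaultdict

IDLE_TIMEOUT_MS = 60_000  # assumed: how long the firewall keeps an idle flow entry
TABLE_CAPACITY = 1000     # assumed state-table size (small, for the demo)
MAX_SHARE = 0.10          # assumed policy: one subscriber may hold at most 10%

def make_sample_flows():
    """Constructed flow records: (time_ms, src_ip, dst_ip, dst_port, proto)."""
    flows = []
    # Two ordinary handsets reusing one connection each, every 10 seconds.
    for t in range(0, 120_000, 10_000):
        flows.append((t, "10.0.0.5", "198.51.100.10", 443, "tcp"))
        flows.append((t, "10.0.0.6", "198.51.100.20", 443, "tcp"))
    # One botted handset: every packet (5 per second) creates a new flow key.
    for i in range(600):
        flows.append((i * 200, "10.0.0.66", "203.0.113.7", 1024 + i, "tcp"))
    return sorted(flows)

def peak_state_per_source(flows, idle_timeout=IDLE_TIMEOUT_MS):
    """Replay flows in time order; return each source's peak live state entries."""
    last_seen = {}            # flow key -> time of its last packet
    live = defaultdict(set)   # src_ip -> flow keys currently held in the table
    peak = defaultdict(int)
    for t, src, dst, dport, proto in flows:
        # Expire this source's entries that have been idle past the timeout.
        for key in [k for k in live[src] if t - last_seen[k] > idle_timeout]:
            live[src].discard(key)
            del last_seen[key]
        key = (src, dst, dport, proto)
        last_seen[key] = t
        live[src].add(key)
        peak[src] = max(peak[src], len(live[src]))
    return dict(peak)

def quarantine_candidates(flows, capacity=TABLE_CAPACITY, max_share=MAX_SHARE):
    """Sources whose peak state usage exceeds their allowed share of the table."""
    limit = capacity * max_share
    peaks = peak_state_per_source(flows)
    return sorted(src for src, n in peaks.items() if n > limit)

if __name__ == "__main__":
    flows = make_sample_flows()
    for src, n in sorted(peak_state_per_source(flows).items()):
        print(f"{src}: peak {n} state entries")
    print("quarantine candidates:", quarantine_candidates(flows))
```

The ordinary handsets never hold more than one entry because their packets refresh an existing flow, while the botted handset's entries accumulate for the full idle timeout.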