DDoS risk plagues accidental ISPs

TOPICS: Security, Telcos

Mobile telcos that became "accidental" internet service providers (ISPs) through the rise of mobile broadband are more at risk of Distributed Denial of Service (DDoS) attacks than fixed broadband providers, according to Arbor Networks Asia Pacific solutions architect Roland Dobbins.

Dobbins told the Australian Network Operators Group's fifth annual conference in Sydney today that the TCP/IP side of mobile networks was mostly an afterthought for mobile telcos that found they'd become ISPs after the rise of smartphones such as the iPhone. He said that to keep the network secure, a lot of telcos put "stateful" firewalls or devices on their networks. These devices keep track of every piece of traffic flowing through the network.

"A lot of the wireless data networks are designed rather like poorly designed enterprise networks, and they've done things like, they stuck stateful firewalls in the middle of these networks. So they put a lot of unnecessary and harmful state into the wireless network."

This creates a potential DDoS point of attack, Dobbins said, allowing a bot to clog up the state table of a firewall and cause it to fall over.

"When it hits the back side of the stateful firewall, the stateful firewall falls over and now you have a big data outage for many, many users who are served by that stateful firewall," he said.

According to Dobbins, the problem was technology-agnostic.

"It's not just GSM technologies, but newer technologies, as well — UMTS, LTE, CDMA; it doesn't really matter."

Dobbins said that stateful devices should not be on mobile networks, because "if you're on the internet, you're always under attack. There's some bot that's always trying to hack in". If carriers did have these devices on their network, however, they needed to take precautions, he said.

"If you operate a mobile wireless network [and] you have stateful firewalls ... you have to protect them. You need to have enough visibility in your network traffic to be able to understand when this malicious harmful traffic is being generated by botted hosts on your wireless network and have the ability to mitigate that traffic, have the ability to potentially quarantine those users," he said.
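As an added illustration of the visibility Dobbins describes (not code from the article or from Arbor Networks), the sketch below scans flow records for subscribers that create new flows faster than a set budget, since each new flow costs a stateful device one more table entry. The record layout, thresholds and sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW_S = 10        # sliding window in seconds (assumed value)
MAX_NEW_FLOWS = 50   # new state entries allowed per subscriber per window (assumed)
IDLE_TIMEOUT_S = 30  # idle time after which a device would drop the entry (assumed)

def state_heavy_subscribers(flows, window_s=WINDOW_S, max_new=MAX_NEW_FLOWS,
                            idle_s=IDLE_TIMEOUT_S):
    """flows: (ts, src_ip, src_port, dst_ip, dst_port, proto) tuples sorted by ts.
    Returns {src_ip: peak number of new flows seen in one window} for every
    subscriber that exceeded max_new, i.e. the quarantine candidates."""
    last_seen = defaultdict(dict)   # src_ip -> {flow key: last packet time}
    recent = defaultdict(deque)     # src_ip -> times of new flows in the window
    peaks = {}
    for ts, src, sport, dst, dport, proto in flows:
        key = (sport, dst, dport, proto)
        prev = last_seen[src].get(key)
        last_seen[src][key] = ts
        if prev is not None and ts - prev < idle_s:
            continue                # packet on a live flow: no new table slot
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window_s:
            q.popleft()             # forget new-flow events older than the window
        if len(q) > max_new:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def constructed_sample():
    """Constructed records: one ordinary handset and one host opening
    200 distinct flows in five seconds."""
    flows = []
    for i in range(5):              # ordinary subscriber: 5 flows, 3 packets each
        for pkt in range(3):
            flows.append((i + pkt * 0.1, "100.64.0.5", 40000 + i,
                          "203.0.113.10", 443, "tcp"))
    for i in range(200):            # botted subscriber: every packet is a new flow
        flows.append((i * 0.025, "100.64.0.66", 1024 + i,
                      "198.51.100.%d" % (i % 250 + 1), 80, "tcp"))
    return sorted(flows)

if __name__ == "__main__":
    for ip, peak in state_heavy_subscribers(constructed_sample()).items():
        print(f"{ip}: {peak} new flows within {WINDOW_S}s, candidate for quarantine")
```

Repeat packets on a live flow are deliberately not counted, so a busy but ordinary handset stays under the budget while a host spraying new connections does not.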


About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.


Talkback

1 comment
  • "According to Dobbins, the problem was technology agnostic.

    "It's not just GSM technologies, but newer technologies, as well — UMTS, LTE, CDMA; it doesn't really matter."

    Well, of course. Those technologies refer to the layer 1 (physical/transmission layer). Of course doing a DoS or a DDoS on the tower, whether it's using CDMA, LTE, GSM etc., is going to be a bit pointless (and quite difficult). If anything, most areas are overlaid by multiple nodes.

    So yes obviously the layer 2/3 component of the network is where a DDoS is going to attack. Of course though you'd have to wonder why traffic external to that network is even allowed to ping what should be a transparent firewall.
    chugs@...