October 07, 2005

Intelligence is harmful

From Bruce Schneier’s security blog:

Turns out that you can jam cellphones with SMS messages. Text messages are transmitted on the same channel that is used to set up voice calls, so if you flood the network with one then the other can’t happen. The researchers believe that sending 165 text messages a second is enough to disrupt all the cellphones in Manhattan.

Naturally, a stupid network would not suffer from such a performance bottleneck that can be exploited maliciously.

And IMS will keep you totally safe, 100% available, honest ;) No intelligent bottlenecks in this network! Move along please…

Posted by Martin Geddes at 02:35 PM
Trackback Pings


Listed below are links to weblogs that reference Intelligence is harmful:

» SMS Denial of Service Attack? from Communications
Bruce Schneier picked up on some work by a group at Penn State entitled Exploiting Open Functionality in SMS-Capable Cellular Networks. And Martin Geddes comments that this provides further proof that building intelligence into networks is harmful. Whi... [Read more]

Tracked on October 8, 2005 07:10 PM

» More comments on SMS Denial of Service from Dark Side Programming
Concerning the DOS attack to GSM Networks, I just read a very good post on Brough Turner's Blog about this issue. I quote from the post: "Their full paper also cites six news articles which they assert represent occasions... [Read more]

Tracked on October 9, 2005 10:45 PM
Comments

It's even worse than that - like old-fashioned half-duplex Ethernet and unlike TCP/IP, SS7 was poorly designed and implodes when load increases past a critical point. The telco control plane makes a lot of optimistic assumptions about the volume of signalling data.

Posted by: at October 7, 2005 04:20 PM

SMS could be delivered through a dedicated channel like a voice call or packet data call. Also, the delivery location could be optimized to specific zones instead of broadcasting to the whole city.

Posted by: at October 7, 2005 06:19 PM

The mechanisms these 'researchers' were talking about were internet gateways that allow you to send SMS. I find it hard to believe that operators, with their love of SS7 and IN, would not have built in some kind of throttle-back on the interface to the SMSC from these internet gateways! It may still be possible to mount a DOS attack but you'd have to be much more clever than these people make out.
Either that or the guys running the intelligent networks are more stupid than I thought.
I read the story a week or so ago, but I thought that people would ignore it. Seems if you rehash these stories enough through the blogs they become credible!

Posted by: at October 7, 2005 09:44 PM

Sorry, I am Mr SS7 to those who know me and I've done a pink elephant SS7 security consulting role. In short everything is possible in theory. But that is where this one will remain.

This story is a crock of crap (no offense to you Martin).

Posted by: at October 8, 2005 12:51 AM

I beg to differ with the article.
It's true that SMS travels at the SS7 level (signaling), and it is also true that the SS7 level (TCAP, more concretely) didn't have a congestion algorithm before 96. But now it has a field telling the QoS (priority) of the package, and all the SMS packages go with near-junk priority.
So they will be silently dropped before congesting the network.

Regarding the SS7 vs TCP/IP battle, TCP/IP wins any time (except price of the handling equipment ;) ).


Posted by: at October 9, 2005 05:51 PM
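
The priority-based shedding described in the comment above, as an added toy model (not code from the original post or its commenters, and not a model of real SS7/TCAP behaviour): one shared signalling queue is offered call set-ups plus a much larger SMS load, and is served either FIFO with tail-drop or with low-priority shedding. The capacity, queue limit, arrival rates and the `simulate` function are all constructed for illustration.

```python
import random
from collections import deque

def simulate(policy, ticks=100, capacity=10, queue_limit=50,
             voice_per_tick=3, sms_per_tick=20, seed=1):
    """Toy shared signalling queue; every number here is constructed.

    policy "fifo": tail-drop when full, serve in arrival order.
    policy "priority": call set-ups evict queued SMS and are served first.
    Returns the fraction of offered messages of each kind that was served.
    """
    rng = random.Random(seed)          # fixed seed: repeatable runs
    queue = deque()
    offered = {"voice": 0, "sms": 0}
    served = {"voice": 0, "sms": 0}
    for _ in range(ticks):
        arrivals = ["voice"] * voice_per_tick + ["sms"] * sms_per_tick
        rng.shuffle(arrivals)
        for kind in arrivals:
            offered[kind] += 1
            if len(queue) < queue_limit:
                queue.append(kind)
            elif policy == "priority" and kind == "voice" and "sms" in queue:
                queue.remove("sms")    # shed the oldest low-priority message
                queue.append(kind)
            # otherwise the arrival is silently dropped
        if policy == "priority":
            # stable sort: call set-ups move ahead of SMS, order otherwise kept
            queue = deque(sorted(queue, key=lambda k: k != "voice"))
        for _ in range(min(capacity, len(queue))):
            served[queue.popleft()] += 1
    return {kind: served[kind] / offered[kind] for kind in served}

if __name__ == "__main__":
    for policy in ("fifo", "priority"):
        print(policy, simulate(policy))
```

In this model the shedding policy keeps every call set-up at the cost of SMS delivery, while FIFO tail-drop loses a large share of set-ups to the SMS load.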

Of course, your network 'knows' that those SMS messages are less important than voice calls, and that it's better to have radio spectrum idle than overwhelm the signalling channel with SMS junk.

Do I really need to add a smiley, or is the irony obvious?

Posted by: at October 9, 2005 08:07 PM

It is easy to attack a technology when it is pushed too far from its original design specs. The SS7 network was designed for a closed environment and to be run in a community of sensible companies.

It is like living in a small village where no-one locks their doors. Actually pretty handy for deliveries and returning things you have borrowed, but a disaster when someone decides to go down there and rob all the houses.

The problem is that with the changed landscape AND laying off those who actually know the system and can change it to adapt it to the changes, the telcos (and their vendors) have created their own problem. This is in my mind not a technology (intelligence) problem but a commercial one.

Posted by: at October 11, 2005 09:16 AM

"A bunch of assumptions were made about the nature of the end points when the intelligence was built into the network, but over time those assumptions became invalid."

I think you've just discovered the end-to-end principle. Any optimisation in the network over and above bit delivery is likely to be premature.

Posted by: at October 11, 2005 10:39 AM

Not quite. Any deployment of anything (from telecomms to chairs) needs to make certain assumptions. To us, chairs from 200 years ago are ridiculously low. The assumption then was that people were a certain height. This is no longer the case. So you do not use that old chair that has been in the family for 200 years, you buy a new one.

To come back to the SS7 issue. It is old, is not upgraded to deal with today's issues as this would add costs where revenues are going down. (and, oh yeah they have fired all the people who could fix this in their sleep)

In telecomms we all can see that the requirements on the infrastructure have changed, so we build a new one. The problem is that the incumbents have not figured out a new business model, so they try and replicate their old closed model. In that model they provide services not bits, because they see that the value of bits is going to be low.

Now this is where they go wrong. The value of individual bits is low but in aggregate it is a quite valuable business. True the value of a voice call is higher, in certain situations. However restricting all communication to the equivalent of a voice call is daft. So I am in perfect agreement with the statements that you need to allow for a dumber infrastructure than the phone-call, to allow for other services that use the generic bandwidth.

So yes the e2e principle holds but dragging the SS7 story into this is comparing apples and oranges.

What the incumbents have not figured out still(!) is that those other services may be delivered by a third party AND that they make money from that if they support these parties adequately and/or if this increases the value of the pipe they have already sold to their customers. So they are wasting money on the vertical stovepipe called IMS.

Posted by: at October 11, 2005 01:04 PM