Overview
This article explains the MT Spoofing process in a firewall and the parameters that can be configured to set it up.
Information
MT Spoofing, also called faking, happens when the SMSC address of an MT message does not reflect the actual originating network of the message. The spoofer impersonates another network, which causes the terminating network to charge the impersonated (spoofed) network for terminating fees. The MAP address, SCCP address, or both can be spoofed. MT Spoofing checks are limited to suspect traffic.
Types of MT Spoofing
|
Type of Spoofing |
|
Description |
---|---|---|---|
|
Spoofing at the SCCP layer |
|
The SMSC address at the SCCP layer differs between the SendRoutingInfoForSm request and the MtForwardSm request |
|
Spoofing at the MAP layer |
|
The SMSC address at the MAP layer differs between the SendRoutingInfoForSm request and the MtForwardSm request |
|
Conflicting addresses in the SendRoutingInfoForSm request |
|
In the SendRoutingInfoForSm request, the SMSC address at the SCCP layer differs from the SMSC address at the MAP layer |
|
Conflicting addresses in the MtForwardSm request |
|
In the MtForwardSm request, the SMSC address at the SCCP layer MtForwardSm request differs from the SMSC address at the MAP layer |
MT Spoofing Detection
To detect MT Spoofing, the FWL:
-
compares the SMSC addresses at the MAP and SCCP levels in SendRoutingInfoForSm requests from suspect SMSCs,
-
compares the SMSC addresses at the MAP and SCCP levels in the MtForwardSm requests from suspect SMSCs, and
-
correlates each SendRoutingInfoForSm request from a suspect SMSC with its corresponding MtForwardSm request from a suspect SMSC and compares their SMSC addresses at the MAP and SCCP levels.
Things to Know
An unsolicited MtForwardSm operation is a MtForwardSm that the FWL cannot correlate with a preceding SendRoutingInfoForSm operation.
The FWL compares the SMSC Address to the country and network entities that are defined in the MGR.
MT Spoofing Parameters
Layer to Compare
Select the Enable MT Spoofing Address Match configuration option for the Network:
-
If the full SMSC address at the SCCP layer in the SRI-SM request needs to be matched against the corresponding SMSC address in the MT-FSM request.
-
If the full SMSC address at the MAP layer in the SRI-SM Request needs to be matched against the corresponding SMSC address in the MT-FSM request.
MT Spoofing Detected
If an MT Spoofing is detected, the action to perform can be configured for each kind of MT Spoofing in the semi-static configuration file. The types of MT Spoofings are:
-
firewallmtactionforsccpsmscaddressspoofing
-
firewallmtactionformapsmscaddressspoofing
-
firewallmtactionforconflictingaddress
-
firewallmtactionforunknownsccpaddress
-
firewallmtactionforunknownmapaddress
And the valid values for these fields are:
-
blockwithtemporaryerror
: Blocks and returns a temporary error to the SMSC. -
blockwithpermanenterror
: Blocks and returns a permanent error to the SMSC. -
blockwithnoresponse
: Blocks and does not return a response to the SMSC. -
blockwithack
: Blocks and returns an ACK to the SMSC. -
pass
: Allows the Mobile Messaging system to continue processing the message.
The default value is blockwithnoresponse
.
Unsolicited MT
For an unsolicited MT, the semi-static parameter firewallmtactionforunsolicitedmtfwdsm
can be set with the values:
-
blockwithtemporaryerror
: Blocks and returns a temporary error to the SMSC. -
blockwithpermanenterror
: Blocks and returns a permanent error to the SMSC. -
blockwithnoresponse
: Blocks and does not return a response to the SMSC. -
blockwithack
: Blocks and returns an ACK to the SMSC.
The default value is blockwithnoresponse
.
Temporary Error
The temporary error that the FWL will return to the SMSC/originator can be customized using the semi-static configuration parameter mttemporarydiscarderrorformscorsgsn
with the values:
-
unknownsubscriber
-
absentsubscriber
-
systemfailure
-
facilitynotsupported
-
memorycapacityexceeded
-
equipmentprotocolerror
-
unknownservicecentre
-
sccongestion
-
invalidsmeaddress
-
subscribernotscsubscriber
The default value is absentsubscriber
.
Permanent Error
The permanent error that the FWL will return to the SMSC/originator can be customized using the semi-static configuration parameter mtpermanentdiscarderrorformscorsgsn
with the values:
-
unknownsubscriber
-
absentsubscriber
-
systemfailure
-
facilitynotsupported
-
memorycapacityexceeded
-
equipmentprotocolerror
-
unknownservicecentre
-
sccongestion
-
invalidsmeaddress
-
subscribernotscsubscriber
The default value is unknownsubscriber
.