Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet - Lithium
  3. Articles

MT Spoofing Overview

Overview

This article explains the MT Spoofing process in a firewall and the parameters that can be configured to set it up.

 

Information

MT Spoofing, also called faking, happens when the SMSC address of an MT message does not reflect the actual originating network of the message. The spoofer impersonates another network, which causes the terminating network to charge the impersonated (spoofed) network for terminating fees. The MAP address, SCCP address, or both can be spoofed. MT Spoofing checks are limited to suspect traffic.

 

Types of MT Spoofing

 

Type of Spoofing

 

Description

 

Spoofing at the SCCP layer

 

The SMSC address at the SCCP layer differs between the SendRoutingInfoForSm request and the MtForwardSm request

 

Spoofing at the MAP layer

 

The SMSC address at the MAP layer differs between the SendRoutingInfoForSm request and the MtForwardSm request

 

Conflicting addresses in the SendRoutingInfoForSm request

 

In the SendRoutingInfoForSm request, the SMSC address at the SCCP layer differs from the SMSC address at the MAP layer

 

Conflicting addresses in the MtForwardSm request

 

In the MtForwardSm request, the SMSC address at the SCCP layer MtForwardSm request differs from the SMSC address at the MAP layer

 

MT Spoofing Detection

To detect MT Spoofing, the FWL:

  1. compares the SMSC addresses at the MAP and SCCP levels in SendRoutingInfoForSm requests from suspect SMSCs,

  2. compares the SMSC addresses at the MAP and SCCP levels in the MtForwardSm requests from suspect SMSCs, and

  3. correlates each SendRoutingInfoForSm request from a suspect SMSC with its corresponding MtForwardSm request from a suspect SMSC and compares their SMSC addresses at the MAP and SCCP levels.

Things to Know

An unsolicited MtForwardSm operation is a MtForwardSm that the FWL cannot correlate with a preceding SendRoutingInfoForSm operation.

The FWL compares the SMSC Address to the country and network entities that are defined in the MGR.

 

MT Spoofing Parameters

Layer to Compare

Select the Enable MT Spoofing Address Match configuration option for the Network:

  • If the full SMSC address at the SCCP layer in the SRI-SM request needs to be matched against the corresponding SMSC address in the MT-FSM request.

  • If the full SMSC address at the MAP layer in the SRI-SM Request needs to be matched against the corresponding SMSC address in the MT-FSM request.

 

MT Spoofing Detected

If an MT Spoofing is detected, the action to perform can be configured for each kind of MT Spoofing in the semi-static configuration file. The types of MT Spoofings are:

  • firewallmtactionforsccpsmscaddressspoofing

  • firewallmtactionformapsmscaddressspoofing

  • firewallmtactionforconflictingaddress

  • firewallmtactionforunknownsccpaddress

  • firewallmtactionforunknownmapaddress

And the valid values for these fields are:

  • blockwithtemporaryerror: Blocks and returns a temporary error to the SMSC.

  • blockwithpermanenterror: Blocks and returns a permanent error to the SMSC.

  • blockwithnoresponse: Blocks and does not return a response to the SMSC.

  • blockwithack: Blocks and returns an ACK to the SMSC.

  • pass: Allows the Mobile Messaging system to continue processing the message.

The default value is blockwithnoresponse.

 

Unsolicited MT

For an unsolicited MT, the semi-static parameter firewallmtactionforunsolicitedmtfwdsm can be set with the values:

  • blockwithtemporaryerror: Blocks and returns a temporary error to the SMSC.

  • blockwithpermanenterror: Blocks and returns a permanent error to the SMSC.

  • blockwithnoresponse: Blocks and does not return a response to the SMSC.

  • blockwithack: Blocks and returns an ACK to the SMSC.

The default value is blockwithnoresponse.

 

Temporary Error

The temporary error that the FWL will return to the SMSC/originator can be customized using the semi-static configuration parameter mttemporarydiscarderrorformscorsgsn with the values:

  • unknownsubscriber

  • absentsubscriber

  • systemfailure

  • facilitynotsupported

  • memorycapacityexceeded

  • equipmentprotocolerror

  • unknownservicecentre

  • sccongestion

  • invalidsmeaddress

  • subscribernotscsubscriber

The default value is absentsubscriber.

 

Permanent Error

The permanent error that the FWL will return to the SMSC/originator can be customized using the semi-static configuration parameter mtpermanentdiscarderrorformscorsgsn with the values:

  • unknownsubscriber

  • absentsubscriber

  • systemfailure

  • facilitynotsupported

  • memorycapacityexceeded

  • equipmentprotocolerror

  • unknownservicecentre

  • sccongestion

  • invalidsmeaddress

  • subscribernotscsubscriber

The default value is unknownsubscriber.

 

Related Articles

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments