Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet - Lithium
  3. Articles

Message Wrongly Blocked by MO Anti-Spoofing

Overview

This article explains how to troubleshoot a specific subscriber in roaming when messages fail due to an anti-spoofing rule.

 

Troubleshooting

The first thing to investigate is the Syslog, filtering messages related to the A-party number. In the example below, the A-party is 999999999, and the following messages can be observed, indicating that MO messages from A-party were considered spoofed, thus getting blocked by the system.

textpass@customer-rtr log]$ grep 999999999 messages
Oct 17 00:54:46 customer-rtr snmptrapd[3533]: 00:54:46 TRAP6.TEXTPASS-SMS-MIB::fwMoFwdSmWithSpoofedOriginatorAddress TEXTPASS-SMS-MIB::fwTrapOriginatorAddressInMoFwdSm.0 = STRING: "51999999999" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInMoFwdSm.0 = STRING: "5288888888888" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInSriSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInMoFwdSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInSriSm.0 = "" TEXTPASS-GEN-MIB::deviceType.0 = STRING: "RTR" from customer-rtr
Oct 17 01:07:49 customer-rtr snmptrapd[3533]: 01:07:49 TRAP6.TEXTPASS-SMS-MIB::fwMoFwdSmWithSpoofedOriginatorAddress TEXTPASS-SMS-MIB::fwTrapOriginatorAddressInMoFwdSm.0 = STRING: "51999999999" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInMoFwdSm.0 = STRING: "5277777777777" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInSriSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInMoFwdSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInSriSm.0 = "" TEXTPASS-GEN-MIB::deviceType.0 = STRING: "RTR" from customer-rtr
Oct 18 10:22:55 customer-rtr snmptrapd[3533]: 10:22:55 TRAP6.TEXTPASS-SMS-MIB::fwMoFwdSmWithSpoofedOriginatorAddress TEXTPASS-SMS-MIB::fwTrapOriginatorAddressInMoFwdSm.0 = STRING: "51999999999" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInMoFwdSm.0 = STRING: "5266666666666" TEXTPASS-SMS-MIB::fwTrapMscOrSgsnAddressInSriSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInMoFwdSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInSriSm.0 = "" TEXTPASS-GEN-MIB::deviceType.0 = STRING: "RTR" from customer-rtr

The errors above indicate the MO Anti-Spoofing check failed for A-party 51999999999 because there was no response for the SRI-SM sent from Lithium SMSC to the HLR, or the SRI-SM response was returning some error.

The diagram below illustrates the call flow for a MO/SM being checked for spoofing.

mceclip0.png

Since Lithium SMSC could not validate the MSC/VLR information for this originator, the firewall was blocking it as a MO-spoofed message because of the following setting:

[textpass@customer-rtr log]$ tp_walk fwProperties | grep -i MoAction
fwPropMoActionForOriginatingAddressSpoofing.0 = INTEGER: discardWithNak(4)

You can verify if the responses are not reaching the SMSC by checking if the SRI-SM timeout counter increases:

$ tp_walk smsCntSriSmTimeoutCounter
smsCntSriSmTimeoutCounter.0 = Counter32: 29

And after a while:

$ tp_walk smsCntSriSmTimeoutCounter
smsCntSriSmTimeoutCounter.0 = Counter32: 51

 

Solution

To bypass the MO Anti-Spoofing, you need to check and allow the message to be sent. You can include the originating MSC/VLR GT to the whitelist of MSC Global Titles (GTs) that the FWL will consider trusted.

  1. Check the Syslog on Traffic Elements indicating MO-spoofed messages that should be allowed (i.e., for the specific subscriber complaining).

    [textpass@customer-rtr log]$ grep 999999999 /var/log/messages*
    Oct 17 00:54:46 customer-rtr snmptrapd[3533]: 00:54:46 TRAP6.TEXTPASS-SMS-
    MIB::fwMoFwdSmWithSpoofedOriginatorAddress TEXTPASS-SMS-
    MIB::fwTrapOriginatorAddressInMoFwdSm.0 = STRING: "51999999999" TEXTPASS-SMS-
    MIB::fwTrapMscOrSgsnAddressInMoFwdSm.0 = STRING: "5288888888888" TEXTPASS-
    SMS-MIB::fwTrapMscOrSgsnAddressInSriSm.0 = "" TEXTPASS-SMS-=
    MIB::fwTrapImsiInMoFwdSm.0 = "" TEXTPASS-SMS-MIB::fwTrapImsiInSriSm.0 = ""
    TEXTPASS-GEN-MIB::deviceType.0 = STRING: "RTR" from customer-rtr

  2. Identify the originating MSC/VLR on the output above, displayed in the following field:

    fwTrapMscOrSgsnAddressInMoFwdSm

  3. In the /usr/TextPass/etc/common_config.txt file, identify the list name assigned to the following parameter:

    whitelistofmomscforspoofchecksuppression

  4. Edit the GT list in the MGR GUI under Routing > Others > Lists. Open the list with the name identified on step 3 and insert the GT address determined in step 2.

  5. You can add a GT prefix if needed (for example, 528888*).

  6. Save the list.

 

Disabling the MO Anti-Spoofing Functionality

Consider the procedure below to disable the functionality:

  1. Login as TextPass to the MGR node and edit the /usr/TextPass/etc/common_config.txt file by changing the firewallmospoofingcheckcondition field from always to never.

  2. Go to each RTR, restart the TextPass process one at a time. Wait until the process is operational again before proceeding with the next one.

    tp_config --validateonly
    tp_stop --textpass; tp_start --textpass
    tp_status

For more details, please check the NMM Firewall Guide available in the NewNet Download Center.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments