nanog mailing list archives
Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities
From: Michael Thomas <mike () mtcc com>
Date: Thu, 16 May 2024 19:41:32 -0700
On 5/16/24 6:55 PM, John Levine wrote:
It appears that Brandon Martin <lists.nanog () monmotha net> said:I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world allowing lots of regulatory capture.It's the opposite. SS7 was designed for a world with a handful of large trustworthy telcos. But now that we have VoIP, it's a world of a zillion sleasy little VoIP carriers stuffing junk into the network. The real telcos have no desire to deliver spam calls. Everything is bill and keep so they get no revenue and a lot of complaints. Mike is right that STIR/SHAKEN is more complex than it needs to be but even after it was widely deployed, the telcos had to argue with the FCC to change the rules so they were allowed to drop spam calls which only changed recently. That's why you see PROBABLE SPAM rather than just not getting the call.
I was screaming at the top of my lungs that P-Asserted-Identity was going to bite them in the ass 20 years ago. And then they eventually came up with something that solved the wrong problem in the most bellheaded way possible 15 years later. Bellheads should not be trusted with internet security. The FCC is most likely not blameless here either but the telcos/bellheads most certainly aren't either. Anybody who thinks this is an either/or problem is wrong.
Mike
Current thread:
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities, (continued)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Job Snijders via NANOG (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Josh Luthman (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Mike Hammett (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Tom Beecher (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Sean Donelan (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities heasley (May 20)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Brandon Martin (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Job Snijders via NANOG (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Michael Thomas (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities John Levine (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Michael Thomas (May 16)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Sean Donelan (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Ca By (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Tom Beecher (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Ca By (May 17)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Tom Beecher (May 17)
- RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Jason Baugher (May 18)
- RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities Jason Baugher (May 18)
- Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities scott via NANOG (May 18)