Beruflich Dokumente
Kultur Dokumente
Types of Charging
Attacks against the charging process typically falls into two main
categories,policy weakness attacks, and stress-testing attacks. Policy
weakness attacks targets misconfiguration or improper configuration of
the charging policy. The golden rule in such attacks is that whatever you
offer for free can be used against you. Operators tend to offer free data
services either because of commercial requirements or technical
limitation. In this category we will discuss three different techniques
used to bypass your charging; the free URL technique, traffic tunneling,
and internal proxy misuse. The second category relies on creating an
exception condition in the charging system by overloading the system
with specific traffic. In this category we will discuss issues resulting from
bypassing the system’s accounting functionality. For each attack, we
will discuss the theory behind it, and the proper configuration to
prevent it. We will then analyze the typical tools used to conduct this
attack. Finally we will present how to use our security tools such as
snort, OSSIM, and SilK to detect, and possibly prevent those attacks in
the next lesson.
But it is not always possible to build a charging rule like this, either
because the charging system does not allow for complex rules or
because the destination IP is dynamic. When this happens an attack
surface is presented to the attacker to manipulate the requests into
getting his free access.
The tool Method Procedure
The Defense to prevent these exploits and other more exploits will be in chapter 2 as well as
detailed X and setting up the proxy server for free Internet.
#Wε 4rε An0ηym0μS
#Legion is my name for we are many
#Expect Us
What are you doing to make this world a better Place.