P1sec / SigFW

Open Source Signaling Firewall for SS7, Diameter filtering, antispoof and antisniff
https://www.blackhat.com/us-17/briefings.html#ss7-attacker-heaven-turns-into-riot-how-to-make-nation-state-and-intelligence-attackers-lives-much-harder-on-mobile-networks
GNU Affero General Public License v3.0
126 stars 55 forks source link
diameter encryption firewall security signalling sigtran ss7 telecom

SigFW

Open Source SS7/Diameter firewall

SigFW introduction

Build instructions

For more detailed installation and build instructions refer to this page.

Prerequisities

Install Maven (Optional) Netbeans IDE for developers

Clone source code

git clone https://github.com/P1Sec/SigFW

Build SigFW project

cd ./SigFW/sigfw/sigfw.sigfw
mvn clean install -Dmaven.test.skip=true

Run SS7FW

mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"

Replay traffic from pcap

cd ./input
mkfifo pipe
tshark -T ek -x -j "" -r ./input/sigtran.pcap > sigtran.json
cat ./input/sigtran.json > pipe

Run DiameterFW

mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewall"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"

Replay traffic from pcap

cd ./input
mkfifo pipe
tshark -T ek -x -j "" -r ./input/diameter.pcap > diameter.json
cat ./input/diameter.json > pipe

Security

For both SS7FW and DiameterFW before using.

realm.properties: Change the username, password for firewall API

sigfw.json: Generate new Public, Private Keys. Change the mThreat salt

Jetty: Change the certificate

To test the encryption, signatures

Instead of SS7Firewall run SS7FirewallFirstInstance and SS7FirewallSecondInstance

Instead of DiameterFirewall run DiameterFirewallFirstInstance and DiameterFirewallSecondInstance

Limitations

Program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.

License

SigFW is licensed under dual license policy. The default license is the Free Open Source GNU Affero GPL v3.0. Alternatively a commercial license can be obtained from P1 Security S.A.S.

Attribution

For the list of contributors, see the AUTHORS file.

Original work was created by Martin Kacer, Philippe Langlois

Copyright 2020, P1 Security S.A.S and individual contributors

We would like to thanks for everyone supporting this project.