Actions
Feature #4249
openSS7 Protocol Support
Effort:
medium
Difficulty:
medium
Label:
Protocol
Description
Add support for TCAP/MAP Signalling System 7 (SS7) protocols transported on the SIGTRAN stack:
IP / SCTP / MTP2 / MTP3 / SCCP / TCAP / MAP
This includes EVE logging and detection keywords.
Addressing schemes in this stack:
- IP address & SCTP port may not be useful for signatures
- Add support for Point Code (MTP3) & Subsystem Number (SCCP)
- Add support for Global Title (SCCP)
Fields useful as detection keywords:
- Message Type (TCAP)
- Operation Code (MAP)
- Other arguments specific to op codes (MAP)
Keep in mind the various protocol standards, ANSI MAP is different from GSM MAP (ITU).
Resources- All: ITU-T Q.700–Q.849 Series for SS7
- TCAP: ITU-T Q.771-Q.775 or ANSI T1.114
- MAP: 3GPP TS 29.002 or 3GPP2 X.S0004
Actions