Hi,

> The address(es) of the ePDG are discovered using DNS: the phone will try
> to resolve epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org, where XXX is your
> operator's Mobile Network Code (for instance Swisscom is 001), and YYY
> is your Mobile Country Code (228 for Switzerland).
> 
> So I guess a first test can be to look for these addresses and watch for
> ipsec traffic.

Also looks like a terribly easy way to spoof or screw up automatic
discovery. I doubt any vendor uses DNSSEC here (or that it will be of
any use to protect against abuse).

And oh! What about home routers that don't delegate DNS to the
provider's DNS infrastructure?

Regards,
Greg


_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
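
The test suggested in the quoted text (look for the ePDG names) combined with the spoofing concern raised in the reply, as an added example that is not part of the original thread: it scans resolver log lines for ePDG discovery lookups and flags answers outside a known-good baseline. The log line format, the `audit` and `epdg_fqdn` helpers, the baseline networks and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Name pattern from the quoted text: epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org
EPDG_RE = re.compile(
    r"^epdg\.epc\.mnc(\d{3})\.mcc(\d{3})\.pub\.3gppnetwork\.org\.?$", re.I)

def epdg_fqdn(mcc, mnc):
    """Build the discovery name; a 2-digit MNC is zero-padded to 3 digits."""
    return f"epdg.epc.mnc{int(mnc):03d}.mcc{int(mcc):03d}.pub.3gppnetwork.org"

def audit(log_lines, expected):
    """Return (clients, alerts) for lines of the assumed, constructed
    format "<client> <qname> <answer_ip>".
    clients: {client_ip: {(mcc, mnc), ...}} for every ePDG lookup seen.
    alerts:  ePDG answers not inside expected[(mcc, mnc)] (a list of CIDRs).
    """
    clients, alerts = defaultdict(set), []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qname, answer = parts
        m = EPDG_RE.match(qname)
        if not m:
            continue  # not an ePDG discovery lookup
        key = (m.group(2), m.group(1))  # (mcc, mnc)
        clients[client].add(key)
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            alerts.append((client, qname, answer, "unparseable answer"))
            continue
        nets = [ipaddress.ip_network(n) for n in expected.get(key, [])]
        if not nets:
            alerts.append((client, qname, answer, "no baseline for operator"))
        elif not any(addr in n for n in nets):
            alerts.append((client, qname, answer, "answer outside baseline"))
    return dict(clients), alerts

# Constructed sample data; addresses are documentation ranges, not real ePDGs.
SAMPLE_LOG = [
    "192.168.1.23 epdg.epc.mnc001.mcc228.pub.3gppnetwork.org 192.0.2.10",
    "192.168.1.23 www.example.org 198.51.100.7",
    "192.168.1.40 epdg.epc.mnc001.mcc228.pub.3gppnetwork.org 203.0.113.66",
    "192.168.1.51 epdg.epc.mnc002.mcc228.pub.3gppnetwork.org 192.0.2.99",
]
EXPECTED = {("228", "001"): ["192.0.2.0/24"]}
```

The baseline has to be collected from a resolver path you trust, since a baseline taken through the same home router or forwarder inherits whatever that device answers.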
