SS7 Operator Point Codes Database

Comprehensive reference of SS7 operator point codes for security research and network analysis. Includes ITU, ANSI, and TTC formats with security implications.

Educational Use Only: This data is for security research and educational purposes only. Use responsibly and in accordance with applicable laws and regulations.

Point Code Formats

Understanding different SS7 point code standards

ITU Format

Zone-Area-ID (14-bit)

2-001-1

Used in Europe, Africa, Asia-Pacific

ANSI Format

Network-Cluster-Member (24-bit)

243-020-001

Used in North America

TTC Format

Japanese standard (16-bit)

7-001-1

Used in Japan and Korea

Major Global Operators

Verizon Wireless

United States - North America

High Risk

Network Codes

MCC: 310

MNC: 004, 005, 006, 010, 012, 013

Point Codes (ANSI)

243-020-001 (MSC New York)243-020-002 (MSC Los Angeles)

Known Vulnerabilities: Location tracking via roaming, SMS interception. Major US carrier with extensive roaming agreements makes it a high-value target.

AT&T Mobility

United States - North America

High Risk

Network Codes

MCC: 310

MNC: 070, 150, 170, 280, 380, 410

Point Codes (ANSI)

243-010-001 (MSC Dallas)243-010-010 (MSC Atlanta)

Known Vulnerabilities: Call interception, location disclosure, SMS spoofing. Legacy carrier with mixed SS7/Diameter infrastructure and known security incidents.

Vodafone UK

United Kingdom - Europe

Medium Risk

Network Codes

MCC: 234

MNC: 15

Point Codes (ITU)

2-001-1 (MSC London)2-001-2 (MSC Manchester)

Security Notes: Major European operator with global roaming. Implements SS7 firewall but vulnerabilities exist in international roaming attacks and HLR interrogation.

Deutsche Telekom

Germany - Europe

Low Risk

Network Codes

MCC: 262

MNC: 01

Point Codes (ITU)

2-049-1 (MSC Berlin)2-049-2 (MSC Munich)

Security Notes: German national operator with advanced SS7 security measures. Early adopter of SS7 firewalls with limited exposure via legacy interconnects.

Point Code Attack Vectors

How attackers use point codes for reconnaissance and targeting

High Risk

Point Code Enumeration

Scanning point code ranges to identify active network elements and map network topology.

Mitigation: Implement point code filtering and rate limiting on SS7 firewalls.

Medium Risk

Operator Identification

Using point codes to identify target operators for focused attacks and vulnerability exploitation.

Mitigation: Obscure point code assignments where possible and implement topology hiding.

High Risk

Network Topology Mapping

Building detailed network maps using point code relationships and interconnection patterns.

Mitigation: Deploy SS7 firewalls with comprehensive topology obfuscation.

Defensive Strategies

1
Point Code Randomization
Implement dynamic point code assignment where technically feasible to prevent enumeration.
2
SS7 Firewall Deployment
Deploy comprehensive SS7 firewalls with point code filtering and whitelist-based access control.
3
Network Topology Obfuscation
Hide internal network structure from external parties using topology hiding techniques.
4
Regular Point Code Audits
Conduct periodic audits of point code assignments and access patterns to detect anomalies.

Related Resources

SS7 Operator Point Codes Database

Major Global Operators

SS7 Attack Vectors

SS7 Attack Sequences

Testing Methodology

Security Tools