Diameter Attack Simulator

Name: Diameter Attack Simulator
Author: RFS

Interactive simulation tool for learning Diameter protocol security vulnerabilities in 4G/5G networks. Practice attack techniques in a safe, educational environment.

Educational Use Only

This simulator is for educational purposes only. Only use these techniques on networks you own or have explicit permission to test. Unauthorized access to telecommunications networks is illegal and unethical.

Attack Scenarios

Select a Diameter attack scenario to simulate

S6a Subscriber Data Extraction

Extract subscriber profile data from HSS via S6a interface exploitation

Intermediate

45s

Diameter Routing Manipulation

Manipulate Diameter routing to redirect traffic through attacker-controlled nodes

Advanced

60s

Diameter Identity Spoofing

Impersonate legitimate Diameter nodes to gain unauthorized access

Intermediate

35s

Gx Policy Control Manipulation

Manipulate policy control decisions via Gx interface exploitation

Advanced

50s

S6a Subscriber Data Extraction

Extract subscriber profile data from HSS via S6a interface exploitation

Intermediate

Authentication

Steps

45s

Duration

High

Severity

Techniques Used:

Update-Location-Request

Subscriber Data Extraction

HSS Exploitation

Prerequisites:

Network access to Diameter signaling
Knowledge of S6a interface
Target IMSI

Potential Impact:

Unauthorized access to subscriber authentication vectors and profile information

Simulation Controls

Progress0%

Step 1 of 6

Step 1: Network Reconnaissance

Identify Diameter nodes and S6a interface endpoints in the target network

Technical Details:

Scan for Diameter nodes on port 3868, identify HSS and MME nodes, map S6a interface connectivity

Duration: 8 seconds

Step 1 of 6

Network Visualization

Real-time visualization of the Diameter attack flow

Attacker

fake-mme.attacker.com

DRA/Network

Diameter Routing

HSS

hss.operator.com

PCRF

pcrf.operator.com

Target UE

IMSI: 250012345678901

Ready to Start

Attack Timeline

Complete sequence of attack steps

Network Reconnaissance

Identify Diameter nodes and S6a interface endpoints in the target network

HSS Discovery

Locate the Home Subscriber Server (HSS) serving the target subscriber

MME Impersonation Setup

10s

Configure attacker node to impersonate a legitimate MME

ULR Message Crafting

Create malicious Update-Location-Request message

S6a Attack Execution

10s

Send ULR to HSS and extract subscriber data from response

Data Extraction & Analysis

Parse and analyze extracted subscriber profile information

Defense Strategies

Recommended mitigations for this attack scenario

Deploy Diameter Edge Agents (DEAs) with strict filtering rules

Implement mutual TLS authentication for all Diameter connections

Apply origin-based access control for S6a requests

Configure topology hiding to protect network architecture

Implement real-time monitoring for suspicious Diameter activity