3gppnetwork comprehensive domains list #13

Closed
ghost opened this issue Aug 3, 2018 · 4 comments

ghost commented Aug 3, 2018

I've noticed my cellphone performing requests to epdg.epc.mncXXX.mccXXX.pub.3gppnetwork.org, which was not present in your list. So I decided to script a DNS lookup on all the possible subdomain combinations on 3gppnetwork.org:

#!/bin/bash
# First loop between 000 and 999
for a in $(seq -s " " -w 000 999)
do
	# Second loop between 000 and 999
	for b in $(seq -s " " -w 000 999)
	do
		# Using dig, try to retrieve the IP address (-t A) of the hostname
		CONTENT=$(dig @1.1.1.1 -t A "epdg.epc.mnc$a.mcc$b.pub.3gppnetwork.org")
		# If we find "SOA" in the dig response, the hostname has no associated IP address
		if [[ $CONTENT =~ SOA ]]
		then
			echo "epdg.epc.mnc$a.mcc$b.pub.3gppnetwork.org" >> 3gpp_dead.txt
		else
			echo "epdg.epc.mnc$a.mcc$b.pub.3gppnetwork.org" >> 3gpp_alive.txt
		fi
	done
done

Hopefully this can be easily adjusted to cover many other ad-networks.
Obviously the ad-network is able to enable/disable any subdomain not picked up today. In that case, you can decide to:

  1. Blacklist all the possible subdomains, even if they are not alive (bigger file).
  2. Run the script periodically and update the list with only the live subdomains (slow but more accurate results).
  3. Switch to more sophisticated mechanisms to ban subdomains entirely (e.g.: *.pub.3gppnetwork.org).

Meanwhile the alive list is attached:
3gpp_alive.txt

anudeepND (Owner) commented Aug 4, 2018

@havoc88 Thanks for the information. But do you have any info on what is 3gppnetwork.org? I don't know whether it's a tracker or not, if you have any info on this I will include all these domains in my host file.
Edit: I found this code: https://wiki.emulab.net/wiki/phantomnet/s1-handover-files I think these domains are used to upload debug logs? Can you confirm?

@kevinenglish-keyw

3gppnetwork.org is the root domain for most Cell-over-WiFi calling. Cell phones participating in WiFi calls make ESP protocol connections to hostnames like:
edpg.epc.mnc260.mcc310.pub.3gppnetwork.org

Block these hosts and you block WiFi calls.
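
The following added example is not part of the thread or of the repository's own code: a POSIX shell check that scans a hosts-format blocklist for names under the mncXXX.mccXXX.pub.3gppnetwork.org realm quoted above, so entries that would break WiFi calling can be reviewed before a list ships. The function names and the sample blocklist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list blocklist entries that sit under
# the 3GPP operator realm, i.e. names ending in
# mnc<NNN>.mcc<NNN>.pub.3gppnetwork.org, with the MCC and MNC pulled out.

# Reads hosts-format text on stdin ("0.0.0.0 name [name...]" or bare names).
# Prints one line per match: "<name> mcc=<MCC> mnc=<MNC>".
find_3gpp_entries() {
	tr -d '\r' | tr 'A-Z' 'a-z' | sed 's/#.*//' | tr -s ' \t' '\n\n' |
	while IFS= read -r name; do
		name=${name%.}    # tolerate a fully qualified trailing dot
		# The leading "." forces a label boundary before "mnc"; the pattern
		# ends at ".org", so look-alikes under other domains are skipped.
		case ".$name" in
			*.mnc[0-9][0-9][0-9].mcc[0-9][0-9][0-9].pub.3gppnetwork.org) ;;
			*) continue ;;
		esac
		rest=${name##*mnc};  mnc=${rest%%.*}
		rest=${name##*.mcc}; mcc=${rest%%.*}
		printf '%s mcc=%s mnc=%s\n' "$name" "$mcc" "$mnc"
	done
}

# Constructed sample blocklist: mnc260/mcc310 is the hostname from the thread,
# every other entry is made up for the demonstration.
sample_hosts() {
	cat <<'EOF'
# sample blocklist
0.0.0.0 ads.example.com
0.0.0.0 epdg.epc.mnc260.mcc310.pub.3gppnetwork.org
0.0.0.0 EPDG.EPC.MNC001.MCC001.PUB.3GPPNETWORK.ORG.  # upper case, trailing dot
0.0.0.0 mnc260.mcc310.pub.3gppnetwork.org.example.net
0.0.0.0 xmnc260.mcc310.pub.3gppnetwork.org
EOF
}

sample_hosts | find_3gpp_entries
```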

dnmTX commented Jul 26, 2019

@anudeepND if those domains are really affecting the WiFi calls as @kevinenglish-keyw is stating, please remove them from your lists, as due to a poor cell signal in my place I heavily rely on WiFi calling.
Thanks bud, hope you're well 👍

anudeepND (Owner) commented Jul 27, 2019

@kevinenglish-keyw Thanks for letting me know, I was unable to verify these domains at that time. @dnmTX I will remove them ASAP.

Edit: I remember I didn't add them to the list so nothing to remove :)

anudeepND reopened this Jul 27, 2019