GPRS Security Threats and Solution ... - Juniper Networks

White Paper 

GPRS Security Threats and Solution 

Recommendations 

Alan Bavosa 

Product Manager 

Juniper Networks, Inc. 

1194 North Mathilda Avenue 

Sunnyvale, CA 94089 USA 

408 745 2000 or 888 JUNIPER 

www.juniper.net 

Part Number: 200074-002 June 2004

Contents 

Preface .......................................................................................................................................................3 

Introduction..............................................................................................................................................3 

GPRS Core Network Architecture Overview.....................................................................................3 

Classification of Security Services ........................................................................................................4 

Data Services on the Gp and Gi Interfaces...........................................................................................5 

Security Threats on the Gp Interface ....................................................................................................5 

Availability......................................................................................................................................5 

Authentication and Authorization..............................................................................................6 

Integrity and Confidentiality .......................................................................................................6 

Security Solutions for the Gp Interface ................................................................................................7 

Gp Network Solution Diagram ....................................................................................................8 

Security Threats on the Gi Interface .....................................................................................................8 

Availability......................................................................................................................................9 

Confidentiality................................................................................................................................9 

Integrity ...........................................................................................................................................9 

Authentication and Authorization..............................................................................................9 

Security Solutions on the Gi Interface..................................................................................................9 

Gi Network Security Solution Diagram ...................................................................................10 

Security Threats on the Gn Interface ..................................................................................................11 

Security Solutions on the Gn Interface...............................................................................................11 

Deploying GPRS Security Solutions on Juniper Security Systems ...............................................12 

Conclusion..............................................................................................................................................13 

Acknowledgements and Resources ...................................................................................................14 

Copyright © 2004, Juniper Networks, Inc.

GPRS Threats and Recommendations 

Preface 

Introduction 

This paper is intended to assist General Packet Radio Service (GPRS) operators and network 

designers in the evaluation of potential security threats and solutions. Although a brief 

review of GPRS architecture is provided, it is assumed that the reader understands the basic 

GPRS architecture and Internet Protocol data networking. This paper does not attempt to 

present an exhaustive list of all GPRS security issues. 

General Packet Radio Service (GPRS) is a data network architecture that is designed to 

integrate with existing GSM networks and offer mobile subscribers “always on” packet 

switched data services access to corporate networks and the Internet. GPRS provides mobile 

operators with an opportunity to offer higher-margin data access services to subscribers. In 

return, subscribers benefit from GPRS by being able to use higher bandwidth mobile 

connections to the Internet and corporate networks. GPRS Tunneling Protocol (GTP) is the 

protocol used by GSM or UTMS operators to convert radio signals from subscribers into data 

packets, and then to transport them in non-encrypted tunnels. GTP does not provide for 

inherent security. 

With the addition of GPRS to GSM, mobile operators are adding mobile Internet and virtual 

private network services to their existing mobile voice services. GPRS networks are connected 

to several external data networks including those of roaming partners, corporate customers, 

GPRS Roaming Exchange (GRX) providers, and the public Internet. By connecting their GPRS 

network to a variety of external networks, mobile operators must take the appropriate steps to 

protect their own network from attacks initiating from these external networks while 

continuing to provide access to and from them. Juniper Network’s purpose-built 

firewall/IPSec VPNs address many of the security problems operators face when developing 

GPRS-based service offerings. The most recent version of GTP is GTP 99. A prior version was 

called GTP 97. Juniper’s integrated firewall/VPN product line supports both versions of GTP. 

GPRS Core Network Architecture Overview 

In figure 1, the Mobile Station (MS) logically attaches to a Serving GPRS Support Node 

(SGSN). The main function of the SGSN is to provide data support services to the MS. The 

SGSN is logically connected to a Gateway GPRS Support Node (GGSN) via the GPRS 

Tunneling Protocol (GTP). The GTP connection within a given operator’s Public Land Mobile 

Network (PLMN) is called the Gn interface. The connection between two different PLMNs 

(mainly used to implement roaming agreements between providers) is the Gp interface. The 

GGSN provides the data gateway to external networks such as the public Internet or corporate 

network via the Gi interface. GTP is used to encapsulate data from the MS and also includes 

mechanisms for establishing, moving, and deleting tunnels between SGSN and GGSN in 

roaming scenarios. And finally, the interface used to connect a providers network to its 

internal Accounting and Billing systems is called the Ga interface. This is also referred to as 

GTP’ or GTP prime. 

Copyright © 2004, Juniper Networks, Inc. 3


The Gp and the Gi interfaces are the primary points of interconnection between the Operator’s 

network and untrusted external networks. Operators must take appropriate measures to 

protect their network from attacks originated on these external networks. 

Figure 1 

Corporate 

Network #1 

VPN 

Corporate 

Network #2 

Gi Interface 

Operators must secure connections between trusted and untrusted networks: 

Gi – interface between GPRS network and an external network, such as the Internet. 

Gp – interface between two mobile operators networks, primarily for roaming 

Ga – interface to Billing and Accounting systems 

Gn – interface which secures mobile providers internal network 

Classification of Security Services 

Firewall 

/IPSec VPN 

Ga Interface 

Operator 

Gn Interface 

Firewall 

/IPSec VPN 

Billing/ 

Accounting DB 

Gp Interface 

Roaming 

Partner #1 

GRX 

VPN 

Roaming 

Partner #2 

Security services are protections and assurances that provide mitigation against various 

threats. They are generally known as: 

� Integrity: Integrity is a security service that assures that data cannot be altered in an 

unauthorized or malicious manner. 

� Confidentiality: Confidentiality is the protection of data from disclosure to unauthorized 

third parties. 

� Authentication: Authentication provides assurance that a party in data communication is 

who or what they claim to be. 

� Authorization: Authorization is a security service that ensures that a party may only 

perform the actions that they’re allowed to perform 

� Availability: Availability means that data services are usable by the appropriate parties in 

the manner intended. 

4 Copyright © 2004, Juniper Networks, Inc.


� When considering security threats and possible mitigation, it is important to consider 

attacks against each of these services. In some cases, it may not be important to protect 

against certain threats. For example, it is not necessary to protect confidentiality of data 

that is intended to be public. 

Data Services on the Gp and Gi Interfaces 

In order to determine what security solutions are appropriate, it is necessary to first 

understand what type of traffic and data services are to be provided and then to analyze 

specific threats to those services. The Gp Interface is the logical connection between PLMNs 

that is used to support mobile (roaming) data users. GTP is used to establish a connection 

between a local SGSN and the user’s home GGSN. Generally the traffic that must be allowed 

to and from an operators network on the Gp is: 

� GTP: Provides logical connectivity between the SGSN and GGSN of roaming partners 

� BGP: Provides routing information between the operator and the GRX and/or roaming 

partners 

� DNS: Provides resolution for a subscribers APN 

The Gi interface is the interface that data originated by the MS is sent out towards, to access 

the Internet or a corporate network. It is also the interface that is exposed to public data 

networks and networks of corporate customers. Traffic being sent out from the GGSN on the 

Gi interface or arriving for an MS on the Gi interface can be virtually any kind of traffic since 

the application being used at the MS is unknown. 

Security Threats on the Gp Interface 

Availability 

The most common type of attack on availability is a denial of service (DOS) attack. There are 

several types of denial of service attacks that are possible on the Gp interface: 

� Border Gateway bandwidth saturation – a malicious operator that is connected to the same 

GRX (whether or not they’re actually a roaming partner) may have the ability to generate a 

sufficient amount of network traffic directed at a Border Gateway such that legitimate 

traffic is starved for bandwidth in or out of the PLMN, thus denying roaming access to or 

from the network 

� DNS Flood – DNS servers on the network can be flooded with either correctly or 

malformed DNS queries or other traffic thereby denying subscribers the ability to locate 

the proper GGSN to use as an external gateway. 

� GTP Flood – SGSNs and GGSNs may be flooded with unauthorized GTP traffic that cause 

them to spend their CPU cycles processing illegitimate data. This may prevent subscribers 

from being able to roam, to pass data out to external networks via the Gi, or from being 

able to GPRS attach to the network at all. 



� Spoofed GTP PDP Context Delete – An attacker with the appropriate information, can 

potentially craft a GTP PDP Context Delete message which will remove the GPRS Tunnel 

between the SGSN and GGSN for a subscriber. Crafting other types of network traffic can 

learn some of the information that must be known. If an attacker doesn’t care about whom 

they are denying service, they can send many PDP Context Delete messages for every 

tunnel ID that might be used. 

� Bad BGP Routing Information – An attacker who has control of a GRX operators’ routers 

or who can inject routing information into a GRX operators’ route tables, can cause an 

operator to lose routes for roaming partners thereby denying roaming access to and from 

those roaming partners. 

� DNS Cache Poisoning – It may be possible for an attacker to forge DNS queries and/or 

responses that cause a given user’s APN to resolve to the wrong GGSN or even none at all. 

If a long Time To Live (TTL) is given, this can prevent subscribers from being able to pass 

data at all. 

Authentication and Authorization 

Integrity and Confidentiality 

It may be possible for an imposter to appear to be a legitimate subscriber when they are not. 

� Spoofed Create PDP Context Request – GTP inherently provides no authentication for the 

SGSNs and GGSNs themselves. This means that given the appropriate subscriber 

information , an attacker with access to the GRX, another operator attached to the GRX, or 

a malicious insider can potentially create their own bogus SGSN and create a GTP tunnel 

to the GGSN of a subscriber. They can then pretend to be the legitimate subscriber when 

they are not. This can result in an operator providing illegitimate Internet access or 

possibly unauthorized access to the network of a corporate customer. 

� Spoofed Update PDP Context Request – An attacker can use their own SGSN or a 

compromised SGSN to send an Update PDP Context Request to an SGSN which is handling 

an existing GTP session. The attacker can then insert their own SGSN into the GTP session 

and hijack the subscriber data connection. 

� Overbilling Attacks – A new attack has emerged in GPRS networks called the “Overbilling 

Attack”. Such an attack is initiated by a malicious mobile station that hijacks an IP address 

of another mobile station and invokes a download from a malicious server on the Internet. 

Once the download begins, the malicious mobile station exits the session. The mobile 

station under attack, receiving the download traffic, gets charged for traffic it did not 

solicit. The same malicious party could execute this attack for the purpose of sending 

broadcasts of unsolicited data in the direction of subscriber cell phones. The effect is still 

the same, in that the subscriber is billed for data that they did not solicited and might not 

have wanted. Such an attack is not limited to the Gp interface. It can also occur by 

exploiting the Gi or Gn interfaces as well. 

� Should an attacker be in a position to access GTP or DNS traffic, they can potentially alter 

it mid-stream or discover confidential subscriber information. This is a fundamental issue 

with GTP as noted in 3GPP TS 09.60 V6.9.0: 

“No security is provided in GTP to protect the communication between different GPRS networks.” 



Capturing a subscriber’s data session – Because GTP and the embedded T-PDUs are not 

encrypted, an attacker who has access to the path between the GGSN and SGSN such as a 

malicious employee or hacker who has compromised access to the GRX, can potentially 

capture a subscriber’s data session. Without encryption, this data can then be read or 

manipulated by illegitimate parties. This is generally true of traffic on public networks and 

subscribers should be advised to utilize IPSec or similar protection. 

Security Solutions for the Gp Interface 

The fundamental issue with security threats on the Gp interface is the lack of security inherent 

in GTP. Implementing IPSec between roaming partners and managing traffic rates, can 

eliminate a majority of the Gp security risks. Specific security countermeasures to implement 

should include: 

� Ingress and egress packet filtering – This will help prevent the PLMN from being used as 

source to attack other roaming partners. If the mobile operator is connected to more than 

one GRX or private roaming peering connections, then this will also help ensure that 

spoofed roaming partner traffic cannot arrive on paths where that roaming partner is not 

connected. 

� Stateful GTP packet filtering – Only allow the traffic required and only from the sources 

and destinations of roaming partners. This will prevent other PLMNs connected to the 

same GRX from initiating many kinds of attacks. It will also prevent GSNs from having to 

process traffic from PLMNs that are not roaming partners as well as illegal or malformed 

traffic. Layer 3 and layer 4 stateful inspection is useful because it minimizes the exposure 

of the GPRS network, GTP stateful inspection is critical to protect GSNs. A firewall that 

supports GTP stateful inspection ensures that GSNs are not processing GTP packets that 

are malformed, have illegal headers, or are not of the correct state. This prevents many 

types of denial of service attacks and some others such as reconnaissance. 

� GTP Traffic Shaping – In order to prevent the shared resources of bandwidth and the 

GSN’s processor from being consumed by an attacker or a subscriber, GTP rate limiting 

should be implemented. Layer 3 and layer 4 rate limiting should also be implemented to 

address Denial of Service (DOS) attacks and ensure that bandwidth is appropriately 

apportioned between GTP, BGP, DNS, etc. 

� IPSec tunnels between roaming partners – A majority of confidentiality and authentication 

issues are addressed by implementing IPSec between you’re the mobile operator PLMN 

and that of the roaming partners. Generally, only GTP and DNS traffic should be allowed 

over the IPSec tunnel. No traffic should be permitted from roaming partners that does not 

arrive on the IPSec tunnel. 

� Overbilling Attack Prevention - Juniper’s solution enables the GTP firewall to notify the Gi 

firewall of an attack. The Gi firewall is then able to terminate the “hanging” sessions 

and/or tunnels, thus cutting off the unwanted traffic. As such, this prevents the GPRS 

subscriber from being “overbilled.” Again, this solution is not limited exclusively to the Gp 

interface. 


Gp Network Solution Diagram 


Figure 2 below illustrates a recommended configuration for the Gp interface. The border 

gateway router supporting BGP can either be in front of or behind the firewall. DNS, Radius, 

and DHCP servers should be located off of the Juniper security system on a separate network 

segment. The operations and management network should be located off a separate network 

segment as well. 

Figure 2 

Security Threats on the Gi Interface 

IPSec 

Roaming 

Partner #1 

GGSN SGSN 

Gp Interface 

The Gi interface is where the GPRS network connects to the Internet, corporate networks, and 

other network service providers who may provide services to subscribers. Because the 

subscriber’s applications can be virtually anything, operators will expose their network at the 

Gi to all types of network traffic. Subscribers are then exposed to all of the ills that we have 

today on the Internet including viruses, worms, Trojan horses, denial of service attacks, and 

other malicious network traffic. 

8 Copyright © 2004, Juniper Networks, Inc. 

GRX 

Internet 

GTP 

Roaming 

Partner #2


Availability 

Confidentiality 

Integrity 

Like the Gp interface, denial of service attacks represent the largest threat on the Gi interface. 

Some examples include: 

� Gi bandwidth saturation – Attackers may be able to flood the link from the PDN to the 

mobile operator with network traffic thereby prohibiting legitimate traffic to pass. 

� Flooding an MS – If a flood of traffic is targeted towards the network (IP) address of a 

particular MS, that MS will most likely be unable to use the GPRS network. This is 

particularly true because of the significant difference in available bandwidth on the air 

interface versus the Gi interface. 

� There is no protection of data from an MS to the public data network or corporate network. 

It is assumed that third parties can see data if IP Security or application layer security is 

not being used. 

� Data sent over public data networks can potentially be changed by intermediaries unless 

higher layer security is being used. 

Authentication and Authorization 

� Unless layer 2 or layer 3 tunnels are used at the GGSN to connect to the corporate network, 

it may be possible for one MS to access the corporate network of another customer. The 

source address of network traffic cannot be relied upon for authentication and 

authorization purposes because the MS or hosts beyond the MS can create packets with 

any addresses regardless of the IP address assigned to the MS. 

Security Solutions on the Gi Interface 

A majority of the security threats associated with the Gi interface stem from the possibility of 

denial of service attacks and adjacency attacks. Security solutions include: 

� Logical tunnels from the GGSN to corporate networks – It should not be possible to route 

traffic from the Internet to a corporate network, or between corporate networks at all. In 

order to implement this, make sure that the GGSN can logically separate corporate 

networks in layer 2 or layer 3 tunnels. If the connection to the corporate network is via the 

Internet, IPSec should be used to connect from the GGSN to the corporate network. 



� Traffic rate limiting – On connections to the Internet, prioritize IPSec traffic from corporate 

networks over that of other traffic. This will ensure that attacks from the Internet cannot 

disrupt mobile intranet services. Another consideration would be to use separate physical 

interfaces for corporate traffic and Internet traffic. 

� Stateful packet inspection – Use a security policy that only allows the MS to initiate 

connections to the public network and implement stateful packet filtering so that the MS 

never sees traffic that is initiated from the public network. If required, implement trusted 

application servers that are permitted by policy to push public network services to the MS. 

An alternative would be to consider two types of service--one where connections can be 

initiated from the Internet toward the MS and one where they cannot. 

� Ingress and egress packet filtering – Prevent the possibility of spoofed MS to MS data by 

blocking incoming traffic with the source addresses which are the same as those assigned 

to an MS for public network access. 

� Overbilling Attack Prevention - Juniper’s solution enables the GTP firewall to notify the Gi 

firewall of an attack. The Gi firewall is then able to terminate the “hanging” sessions 

and/or tunnels, thus cutting off the unwanted traffic. As such, this prevents the GPRS 

subscriber from being “overbilled.” Again, this solution is not limited exclusively to the Gi 

interface. 

Gi Network Security Solution Diagram 

� The Juniper Gi security solution uses a tunnel hub concept to logically separate traffic for 

different corporate networks and the Internet. In addition to IPSec tunnels and 802.1q 

VLANs, ATM, Frame Relay, and MPLS can be used in conjunction with third party 

switches and access concentrators. 

Figure 3 

Gi Interface 

10 Copyright © 2004, Juniper Networks, Inc. 

SGSN 

GGSN 

Corporation A Corporation B


Security Threats on the Gn Interface 

Providers not only need to worry about threats originating from the outside of their network. 

There are also many instances where threats may originate from the inside of a provider’s 

network. Or threats may emerge from the outside, but propagate within a provider’s network 

once the network barrier has been breached. This section will outline threats that may occur 

at the Gn interface, which is internal to a given provider’s GPRS network. 

� Attacks at the Gn interface in the network can potentially bring down the network depending 

on the intensity of the attack. This impact can lead to network downtime, loss of service, 

revenue loss and disgruntled customers 

� Spoofed SGSN or GGSN: There are instances where malicious users can disguise 

themselves as a legitimate part of the network by spoofing the IP address of a GGSN or 

SGSN. Once a party has established themselves as a legitimate network element or user, 

then they can take actions which are detrimental to customers or wireless carriers, such as 

deleting PDP contexts or sessions. By executing commands that a GGSN normally 

executes, such attacks can go undetected until the damage is done, unless the network is 

protected by a stateful firewall. 

� Spoofed GTP PDP Context Delete – An attacker with the appropriate 

information, can potentially craft a GTP PDP Context Delete message which will 

remove the GPRS Tunnel between the SGSN and GGSN for a subscriber. 

Crafting other types of network traffic can learn some of the information that 

must be known. If an attacker doesn’t care about whom they are denying 

service, they can send many PDP Context Delete messages for every tunnel ID 

that might be used. 

� Attacks from one mobile customer against another: Mobile customers, whether legitimate 

customers or not, may attack each other. One such attack is the previously described 

Overbilling attack. This attack can take the equivalent form of “spam” for a GPRS 

network. In this case, the malicious user, once they have gained what appears to be 

legitimate network access, can send massive amounts of data to unsuspecting users. Since 

GPRS is a “usage based” service, then innocent users are “overbilled” for content that they 

did not request. Such an attack would be even more harmful than spam is for email, as it 

becomes much more than an annoyance. Imagine if you were charged (on a per email 

basis) for every piece of junk email that you received from a spammer! 

Security Solutions on the Gn Interface 

Using policy based configuration and administration, providers can protect against security 

threats emerging from within the GPRS network. 

� Policy based Firewall management allows providers to use arbitrary Juniper’s arbitrary 

“any any” zone structure to protect against attacks originating from within the network. A 

simple “trust-untrust” architecture does not fully allow customers to do this due to the fact 

that there is often no concept of “untrust” within the confines of a given provider’s 

network. 



� Stateful Inspection Firewall: By deploying a stateful inspection firewall, and setting the 

policies by which you want to allow or disallow traffic, carriers can protect against the 

attacks mentioned above. For example, in the case of the spoofed GGSN messages, if a 

certain PDP context message did not pass the “sanity check” detection mechanisms, then 

they are dropped. In the example above, where a GTP PDP Context Delete message might 

be “spoofed” by a malicious user posing as a GGSN, if there was not a prior GTP PDP 

Context Create message received earlier, then this message would not pass the sanity 

check, and it would be dropped by the firewall. 

� Juniper’s Overbilling feature would enable a carrier to prevent the “spam” example from 

happening by deleting the “hijacked” session that the malicious party used to execute the 

attack. 

Deploying GPRS Security Solutions on Juniper Security Systems 

The Juniper Networks NetScreen 500-GPRS provides security technology to mitigate a wide 

variety of attacks on the Gp, Gn, Ga, Gi interfaces. These features include: 

� Full policy based protection at all major GPRS interfaces 

� Logical separation and administration via Virtual System (vsys) support 

� Support for both GTP 97 and GTP 99 

� GTP Packet Sanity Check 

� GTP Tunnel Limiting 

� Hardware-accelerated stateful packet filtering 

� Traffic rate limiting 

� GTP rate limiting by signaling or user plane 

� GTP stateful packet filtering 

� GPRS Overbilling Attack Prevention 

� Dynamic Routing (OSPF and BGP) 

� High Availability (using Juniper Redundancy Protocol – NSRP) 

� Route mode or Transparent mode 

� Web User Interface (WebUI) 

� Access Point Name Filtering (APN Filtering) 

� Active/Active mode 

� Active/Passive mode 

� Per direction APN filtering 

� GTP security policies including 

� GTP Message Type 

� GTP Message Length 

� IMSI Prefix filtering (MCC/MNC Filtering) 

� Filtering on a per mobile provider basis 



Conclusion 

� GTP Tunnel Count Limits 

� APN and Selection Mode 

� GTP Management and Logging Features 

� GTP Traffic Counting 

� GTP Traffic Logging 

� Many other advanced logging capabilities 

� High-availability fail-over including: 

� GTP state tables 

� VPN gateway connections 

� Virtual Router support to separate intranet destined traffic 

� IPSec tunnels or 802.1q VLANs to the GGSN 

� IPSec tunnels or 802.1q VLANs toward corporate network 

� Hardware-accelerated support for GTP over IPSec tunnels 

GPRS promises to benefit mobile data users greatly by providing always on higher bandwidth 

connections than are widely available today. In order to be successful, data connections must 

be secure and be available anytime and from anywhere. 

The maturity of security in the air interface, and the low bandwidth available limit the 

effectiveness of the Mobile Station as the source of attacks. However, with the introduction of 

GPRS services, operators must connect their networks to those of corporate customers, public 

data networks, and that of other operators to provide data access services. These connections 

represent significant risks to subscribers and the operators themselves. 

The lack of security inherent in GTP, the protocol used between roaming partners, represents 

a significant threat. The security of the roaming network is only as good as that of the 

weakest operator. Implementing IPSec between roaming partners, traffic rate limiting, and 

GTP stateful inspection can mitigate a significant number of threats on the roaming network. 

Stateful packet inspection, traffic rate limiting, and logical separation of traffic for each 

corporate network and the public network can significantly reduce the threat between the 

operator’s network, subscribers, and these networks. 

Juniper Networks has developed technology and solutions that include GTP-aware stateful 

inspection firewall, GTP aware traffic shaping, and a VPN/VLAN tunnel hub. These 

solutions help mitigate many of the possible threats to the GPRS network, mobile subscribers, 

and corporate networks. 


Acknowledgements and Resources 


The author wishes to thank the staff of Ericsson Research Labs, Berkeley, CA, for their 

assistance with the analysis of GTP and Gi interface security threats. 

Also special thanks to Jesse Shu of Juniper Networks GPRS Software Engineering. 

Other sources of helpful information include: 

Security in GPRS. Geir Stian Bajen and Erling Kaasin. May 2001 

http://siving.hia.no/ikt01/ikt6400/ekaasin/Master Thesis Web.htm 

Screening and filtering: In GPRS the subscriber pays MO and MT packets, how to protect 

against hackers and unwanted packets? Hannu H. KARI 

http://www.cs.hut.fi/~hhk/GPRS/lect/screening/ppframe.htm 

GPRS Security. Charles Brookson. December 2001. 

http://www.brookson.com/gsm/gprs.pdf 

Wireless and Mobile Network Architectures. Yi-Bing Lin, Herman C.-H Rao, Imrich 

Chlamtac. John Wiley and Sons 2001. 

Copyright © 2004 Juniper Networks, Inc. All rights reserved. 

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered 

trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen- 

204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen- 

Remote Security Client, NetScreen-Remote VPN Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, 

GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and registered trademarks are the 

property of their respective companies. 

Information in this document is subject to change without notice. 

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without 

receiving written permission from: 

Juniper Networks, Inc. 

1194 N. Mathilda Ave.Sunnyvale, CA 95014 ATTN: General Counsel

GPRS Security Threats and Solution ... - Juniper Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?