5G Security Operations — SOC for 5G Core Networks · Pro

Lab: Detecting GTP-C tunnel hijacking in logs

Lab Scenario: Suspected GTP-C Hijacking

You are a SOC analyst at a Tier-1 operator. Your NDR sensor has flagged a high-priority alert: GTP-C Modify Bearer Request messages targeting a small set of subscribers, with the new tunnel endpoint pointing to an IP that is not in the authorized roaming partner list. The lab walks through investigating this alert systematically, confirming or refuting the hijacking hypothesis, containing the suspected attack, and feeding findings into permanent detection improvement.

Continue reading with Pro

Your free trial has ended. Subscribe to unlock the full lesson plus all 32 advanced levels, 900 lessons, labs, and 17 TELCOMA certification exams.

$19/month or $199/year·7-day money-back guarantee·Cancel anytime