Mobile networks exchange signaling messages to manage their users’ state. A spoofed signaling message can be leveraged by an attacker to change a victim user’s state and disable his/her service. Despite the mobile operators’ continuous efforts, such attacks can still be launched in the current 4G LTE Networks. We prototype and analyze 6 practical user DoS attacks that leverage Diameter, the protocol used in LTE to carry signaling messages. We demonstrate their damages and draw insights on how to defend against them.We propose D3, a device-centric software solution to detect and mitigate LTE Diameter attacks. Different from any previous solution, D3 operates at the device side only, without expensive infrastructure upgrade. With deep domain knowledge, D3 monitors and analyzes the control message exchange between the device and network when a certain service is disabled. By comparing with the normal state, D3 can infer if a Diameter attack is underway. It also supports device-only mitigation that can quickly help the device regain the service. We implement D3 on Android devices and show that it achieves a perfect success rate in combating all 6 Diameter attacks.