Some considerations about IMSI Detach DoS Attack


Gloria Mazzi mazzi.teodolinda.gloria at gmail.com
Fri Jul 22 15:48:40 UTC 2011


Hi all,

as stated on OsmocomSecurity:
"A malicious attacker knowing the IMSI or TMSI of a victim can thus send
hand-crafted IMSI DETACH messages to a cell, causing the network to assume
the MS is no longer present in the network. This will effectively prevent the
delivery of all mobile-terminated (MT) services, such as SMS, voice calls,
CSD, ...".

Following the theory, I've better understood how it works [1]*, but I still
have some questions for you:

- what could happen if I clone one SIM (Ki, IMSI) and use it to register two
phones on the same network, but on different BTS/LAC? Which one will be
rejected first? Or both?

- if I send an IMSI detach with one of them... will the other one (which is
physically in another BTS/LAC) also be disconnected?

- what could happen if I connect a C123 with ./mobile to the network using
another SIM and then try to forge an IMSI_DET_IND with the victim's IMSI/TMSI
and send it to the network where the victim is connected (that could mean the
same network, but a different BTS/LAC)? Will this DoS still be accomplished?

What exactly I would like to know is whether someone has already made some
experiments on it (obviously on private networks, with a legal experimental
license) and, if so, whether there are any interesting results.


Thank you for your attention.

Cheers

Gloria
*[1] - http://www.gsmfordummies.com/gsmevents/detach.shtml