Some considerations about IMSI Detach DoS Attack
mazzi.teodolinda.gloria at gmail.com
Fri Jul 22 15:48:40 UTC 2011
as stated on OsmocomSecurity:
"A malicious attacker knowing the IMSI or TMSI of a victim can thus send
hand-crafted IMSI DETACH messages to a cell, causing the network to assume
the MS is no longer present in the network.This will effectively prevent the
delivery of all mobile-terminated (MT) services, such as SMS, voice calls,
Following the theory i've better understood how it works *, but still i
have some questions for you:
- what could happen if i will clone one SIM (Ki, IMSI) and use it to
register on the same network, but on different BTS/LAC, two phones? Which
will be rejected as first? Or both?
- if i will send an IMSI detach with one of them... also the other (that is
phisically in another BTS/LAC) will be disconnected?
- what could happen if i will connect a C123 with ./mobile to the network
using another SIM and then trying to forge IMSI_DET_IND with victim's
IMSI/TMSI and send to the network where the victim is connected (that could
mean the same network, but different BTS/LAC), this DoS will still be
What exactly i would like to know is, if someone already made some
experiments on it (obviously on private networks, with a legal experimental
license.) and eventually if there are any interesting results.
Thank you for attention.
* - http://www.gsmfordummies.com/gsmevents/detach.shtml
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the baseband-devel