This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Aleph void at techberto.com

On Fri, Jul 22, 2011 at 12:48, Gloria Mazzi <mazzi.teodolinda.gloria at gmail.com> wrote:

> Hi all,
>
> as stated on OsmocomSecurity:
> "A malicious attacker knowing the IMSI or TMSI of a victim can thus send
> hand-crafted IMSI DETACH messages to a cell, causing the network to assume
> the MS is no longer present in the network. This will effectively prevent the
> delivery of all mobile-terminated (MT) services, such as SMS, voice calls,
> CSD, ...".
>
> Following the theory I've better understood how it works [1]*, but still I
> have some questions for you:
>
> - what could happen if I will clone one SIM (Ki, IMSI) and use it to
> register on the same network, but on different BTS/LAC, two phones? Which
> will be rejected as first? Or both?
>

Both will go to a blacklist that will block new GSM Attach in the same HLR from carrier, unless you use the OpenBSC! :-)

> - if I will send an IMSI detach with one of them... also the other (that is
> physically in another BTS/LAC) will be disconnected?
>

...if detach is promoted by the HLR: yes. If by the other side: no.

> - what could happen if I will connect a C123 with ./mobile to the network
> using another SIM and then trying to forge IMSI_DET_IND with victim's
> IMSI/TMSI and send to the network where the victim is connected (that could
> mean the same network, but different BTS/LAC), this DoS will still be
> accomplished?
>

There are protections in the HLR / VLR of the GSM System network.

> What exactly I would like to know is, if someone already made some
> experiments on it (obviously on private networks, with a legal experimental
> license.) and eventually if there are any interesting results.
>

I personally know the existing protections, but I never did experiences or dared to do this kind of experiment in my country for legal reasons, but it's the kind of thing I'd like to do within legal parameters. My experiences were only in experimental networks in a Faraday cage.

> Thank you for attention.
>
> Cheers
>
> Gloria
>
> *[1] - http://www.gsmfordummies.com/gsmevents/detach.shtml
>

--
- .... . -... . ... - .-- .- -.-- - --- .--. .-. . -.. .. -.-. - - .... . ..-. ..- - ..- .-. . .. ... - --- .. -. ...- . -. - .. - .- .-.. .- -. -.- .- -.--
"The best way to predict the future is to invent it", Alan Kay
/* 0x42 0x69 0x74 0x20 0x46 0x61 0x6e */