I find that real-world networks page by IMSI 10%-25% of the time,
depending on the operator and location. According to Harald's blog
post on this topic, recently referenced on this list, he has made
similar observations and offers some possibilities as to why.

Also, as Steve Markgraf pointed out, GSM 04.08 9.1.22.3 explicitly
disallows paging by IMEI. Networks are not supposed to do it and
phones are not supposed to respond to it. It would be easy for
someone to hack OpenBTS or OpenBSC to see how phones respond to this
type of paging, but I have never seen it in a real network. I doubt
seriously if any phone will respond, but I do wonder how many will
crash their baseband stacks when presented with these messages.

On Jan 30, 2011, at 9:34 AM, John Orlando wrote:
> It is up to the network to decide what ID type it wants to use to
> page a mobile, and this is dependent on a number of factors.
> Almost always it uses the TMSI, sometimes IMSI, and _very_ rarely
> an IMEI. It is certainly possible that the network can also
> request identity info (IMSI, IMEI) from the mobile on the dedicated
> channel, as well as a whole host of other message requests while on
> the dedicated channel.

David A. Burgess
Kestrel Signal Processing, Inc.
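
The following is an added example, not part of the original message or of OpenBTS/OpenBSC: a Python sketch of how the share of paging by identity type discussed above could be measured from captured Mobile Identity information elements (GSM 04.08 10.5.1.4). The function names and the sample bytes are constructed for illustration, and the input is assumed to be the IE value with its length octet already removed.

```python
from collections import Counter

# Type-of-identity codes, bits 3..1 of the first octet (GSM 04.08 10.5.1.4).
ID_TYPES = {0: "none", 1: "IMSI", 2: "IMEI", 3: "IMEISV", 4: "TMSI"}

def decode_mobile_identity(value: bytes):
    """Decode a Mobile Identity IE value; return (type_name, identity_string)."""
    if not value:
        raise ValueError("empty Mobile Identity")
    first = value[0]
    id_type = ID_TYPES.get(first & 0x07)
    if id_type is None:
        raise ValueError(f"unsupported identity type {first & 0x07}")
    if id_type == "none":
        return id_type, ""
    if id_type == "TMSI":
        # A TMSI is 4 opaque octets after the 0xF4 header octet.
        if len(value) != 5 or first != 0xF4:
            raise ValueError("malformed TMSI identity")
        return id_type, value[1:].hex()
    # IMSI / IMEI / IMEISV: BCD digits, low nibble first within each octet.
    nibbles = [first >> 4]
    for octet in value[1:]:
        nibbles += [octet & 0x0F, octet >> 4]
    if not first & 0x08:  # even digit count: last nibble is a 0xF filler
        if nibbles.pop() != 0x0F:
            raise ValueError("missing filler nibble")
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal digit in identity")
    return id_type, "".join(map(str, nibbles))

def paging_identity_share(identities):
    """Fraction of pages per identity type; malformed IEs are tallied apart."""
    counts = Counter()
    for value in identities:
        try:
            counts[decode_mobile_identity(value)[0]] += 1
        except ValueError:
            # A monitor must keep counting when it meets a bad message.
            counts["malformed"] += 1
    total = sum(counts.values())
    return {name: n / total for name, n in counts.items()} if total else {}

# Constructed sample values, as they would appear in paging requests.
SAMPLE = [bytes.fromhex(h) for h in (
    "f4a1b2c3d4", "f400112233", "0910101032547698",  # TMSI, TMSI, IMSI
    "f4deadbeef", "3a05000000000010",  # TMSI, IMEI (disallowed for paging)
)]

if __name__ == "__main__":
    print(paging_identity_share(SAMPLE))
```
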