Hi all,<br><br>as stated on OsmocomSecurity:<br>&quot;A malicious attacker knowing the IMSI or TMSI of a victim can thus send 
hand-crafted IMSI DETACH messages to a cell, causing the network to 
assume the MS is no longer present in the network.This will effectively prevent the delivery of all mobile-terminated (MT) services, such as SMS, voice calls, CSD, ...&quot;.<br><br>Following the theory i&#39;ve better understood how it works [1]*, but still i have some questions for you:<br>
<br>- what could happen if i will clone one SIM (Ki, IMSI) and use it to register on the same network, but on different BTS/LAC, two phones? Which will be rejected as first? Or both?<br><br>- if i will send an IMSI detach with one of them... also the other (that is phisically in another BTS/LAC) will be disconnected?<br>
<br>- what could happen if i will connect a C123 with ./mobile to the network using another SIM and then trying to forge IMSI_DET_IND with victim&#39;s IMSI/TMSI and send to the network where the victim is connected (that could mean the same network, but different BTS/LAC), this DoS will still be accomplished?<br>
<br>What exactly i would like to know is, if someone already made some experiments on it (obviously on private networks, with a legal experimental license.) and eventually if there are any interesting results.<br><br><br>
Thank you for attention.<br><br>Cheers<br><br>Gloria<br><br><br><br><br><br><br><br>*[1] - <a href="http://www.gsmfordummies.com/gsmevents/detach.shtml">http://www.gsmfordummies.com/gsmevents/detach.shtml</a> <br>