Hello Andreas,
On Mon, 29 Mar 2010 13:39:21 +0200, "Andreas.Eversberg" Andreas.Eversberg@versatel.de wrote:
> From the specs it is quite clear that every access burst has a different random number when resending. But how does the network know if the burst is from the same phone but retransmitted? In case of poor uplink many bursts may be resent. Will the network allocate a channel for every burst received and wait for a timeout? (If this is the case, emergency calls could quickly 'evacuate' the cell.)
It does not even need a poor uplink. I experience this behaviour for example with OpenBSC and the nanoBTS. If the "Immediate Assignment" is not sent fast enough, a retransmitted RACH burst will allocate another channel (the timeout for releasing an unused channel is around 2 to 5 seconds in "real" GSM networks). The maximum number of retransmitted RACH bursts is controlled by a parameter in the SYSTEM INFORMATION messages (there are several parameters which control the RACH transmission behaviour).
Of course a "bad phone" can ignore those parameters, and a DoS attack with continuous RACH bursts works quite well because the BTS or network does not know which phone the bursts come from.
Best regards, Dieter
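
The behaviour described in this message, as an added example that is not part of the original thread and is not OpenBSC code: a small model of a channel pool in which every retransmitted RACH burst that arrives before the Immediate Assignment is treated as a new phone. The pool size, the delays and the fixed retransmission spacing are assumptions chosen for illustration; only the 2 to 5 second release timeout comes from the message.

```python
# Added illustration (not from the original thread): compliant phones only.
from dataclasses import dataclass

@dataclass
class Cell:
    channels: int           # size of the channel pool (constructed value)
    assign_delay: float     # s from RACH burst to Immediate Assignment at the phone
    release_timeout: float  # s until an unused channel is released (thread: ~2 to 5 s)
    max_retrans: int        # retransmissions permitted via SYSTEM INFORMATION
    retrans_gap: float      # s between bursts; fixed here as an assumption

def simulate(cell, attempt_times, session_len):
    """Return (wasted_allocations, unserved_attempts)."""
    events = sorted((t0 + k * cell.retrans_gap, i)
                    for i, t0 in enumerate(attempt_times)
                    for k in range(cell.max_retrans + 1))
    answered_at = {}   # attempt index -> time its Immediate Assignment arrives
    busy_until = []    # release time of every allocated channel
    wasted = 0
    for t, i in events:
        if i in answered_at and t >= answered_at[i]:
            continue   # phone has its assignment and has stopped sending
        busy_until = [r for r in busy_until if r > t]
        if len(busy_until) >= cell.channels:
            continue   # no free channel, burst gets no answer
        if i not in answered_at:
            answered_at[i] = t + cell.assign_delay
            busy_until.append(t + session_len)            # the channel really used
        else:
            wasted += 1                                   # burst looks like a new phone
            busy_until.append(t + cell.release_timeout)   # idle until the timeout
    return wasted, len(attempt_times) - len(answered_at)

# Constructed cells that differ only in how fast the Immediate Assignment arrives.
SLOW = Cell(channels=3, assign_delay=0.6, release_timeout=3.0, max_retrans=4, retrans_gap=0.25)
FAST = Cell(channels=3, assign_delay=0.2, release_timeout=3.0, max_retrans=4, retrans_gap=0.25)

if __name__ == "__main__":
    for name, cell in (("slow", SLOW), ("fast", FAST)):
        print(name, simulate(cell, [0.0, 0.5], session_len=2.0))
```

With the slow assignment, one phone's retransmissions fill the pool and a second phone arriving half a second later is never served; answering before the first retransmission, or permitting fewer retransmissions, removes the wasted allocations.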