This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Gloria Mazzi mazzi.teodolinda.gloria at gmail.com

Hi Aleph,

>> - what could happen if I will clone one SIM (Ki, IMSI) and use it to
>> register on the same network, but on different BTS/LAC, two phones? Which
>> will be rejected as first? Or both?
>
> Both will go to a blacklist that will block new GSM Attach in the same HLR
> from carrier, unless you use the OpenBSC! :-)
>
>> - if I will send an IMSI detach with one of them... also the other (that
>> is physically in another BTS/LAC) will be disconnected?
>
> ...if detach is promoted by the HLR: Yes. If by the other side: not.
>
>> - what could happen if I will connect a C123 with ./mobile to the network
>> using another SIM and then trying to forge IMSI_DET_IND with victim's
>> IMSI/TMSI and send to the network where the victim is connected (that could
>> mean the same network, but different BTS/LAC), this DoS will still be
>> accomplished?
>
> there are protections in the HLR / VLR of the GSM System network.

Could you please suggest me some ETSI specs where I can find more info about HLR/VLR's security policies to prevent DoS?

>> What exactly I would like to know is, if someone already made some
>> experiments on it (obviously on private networks, with a legal experimental
>> license.) and eventually if there are any interesting results.
>
> I personally know the existing protections but I never did experiments or
> dared to do this kind of experiment in my country for legal reasons, but it's
> the kind of thing I'd like to do within legal parameters. My experiences were
> only in experimental networks in a Faraday cage.

It would be really interesting to analyze its behaviour on real networks; unfortunately, as you stated, it is quite illegal without prior authorization from the provider of a public GSM network. Unfortunately I own only a USRP and OpenBTS doesn't have full support of a pseudo HLR/VLR, so I cannot make further investigations about it.

Which results did you reach with OpenBSC? Have you tried to forge some IMSI_DET_IND and tried to DoS other MS camped to the same BTS? At the state of the art, as I can see, this attack is more theoretical than practical (I'm talking about real networks' applications). Or am I wrong?

Thank you for your attention.

Cheers
Gloria

An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/baseband-devel/attachments/20110722/6932a738/attachment.htm>