[Gsmmap] Trouble triggering snoopsnitch

Joshua Brindle brindle at quarksecurity.com
Mon Nov 28 15:37:17 CET 2016


Yes, pcap is attached.

Thank you.

Luca Melette wrote:
> Hi Joshua,
>
> The logic that detects rejected location updates should work for both
> GSM and UMTS.
> I can imagine a single case that would stay under the radar, that is,
> if a mobile already sends the IMSI in the LUR message and the network
> then rejects it.
> Would you be able to collect a pcap and share it via mail?
>
> Cheers,
>
> LM
>
>> Hello,
>>
>> I am attempting to trigger an alert on Snoopsnitch 1.0.1. It is
>> running on a Nexus 5 running CM and seems to be working (runs
>> analysis, can run active test).
>>
>> The phone is running with a valid SIM card and connects to its normal
>> network fine.
>>
>> I an running OpenBTS-UMTS into a Ramsey box. I put the phone in the
>> box and run OpenBTS and when the phone tries to connect I see the
>> IMSI when the authentication fails (so I successfully caught the
>> IMSI) but nothing in Snoopsnitch ever triggers.
>>
>> Is this expected to trigger it? If not, why not? Is there a more
>> efficient way to show it working?
>>
>> Thank you.
>> _______________________________________________
>> Gsmmap mailing list
>> Gsmmap at lists.srlabs.de
>> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
>
> _______________________________________________
> Gsmmap mailing list
> Gsmmap at lists.srlabs.de
> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap

-------------- next part --------------
A non-text attachment was scrubbed...
Name: snoopsnitch_2016-11-28_14-26-19UTC.pcap
Type: application/octet-stream
Size: 26864 bytes
Desc: not available
URL: <http://lists.srlabs.de/pipermail/gsmmap/attachments/20161128/c3967826/attachment-0001.obj>


More information about the Gsmmap mailing list