OpenBTSSafeOperation
Do not run OpenBTS in a band that is normally used for a public cellular
service in your area, because you risk disruption of service in a public
network, even if you are not directly interfering with the radio
transmissions.
This is a criminal act in most countries, and a much more serious offense
than a simple violation of radio spectrum regulaions.
It also incurs serious personal civil liability risk, since some neighbor's
phone might attach to your system while trying to place a SOS call.
Authority contact information
- France: ARCEP http://www.arcep.fr
- Germany: Bundesnetzagentur: http://www.bundesnetzagentur.de
For
more information about the frequency assignment in Germany contact the branch
office next to your location. A list can be found here
(See section "Frequenzzuteilung") - New Zealand: Ministry of Economic Development's Radio Spectrum Management
home page: http://www.rsm.govt.nz/cms They also have
a chart
of the radio spectrum allocations.
Faraday cage
Running OpenBTS in a Faraday cage is a safe way not to disrupt public
cellular service.
- Shielded test enclosures can be configured with appropriate bulkhead
connectors (e.g. N-type, SMA, etc.) to allow connection of an antenna (internal
to the enclosure) to a USRP's SMA connector. Phones can then be tested inside
the enclosure, and setup to either auto-answer, or controlled via a serial port
pass-through with the GSM AT commands (e.g. ATA, ATH to
answer/hang-up)
Shielded test enclosure manufacturers/vendors: (Please add
vendors/manufacturers for other parts of the world - this is not an endorsement
of the listed vendors)
Forensic shielded pouches
(vendor list of forensic shielded pouches)
OpenBTS configuration
This is work in progress. The following configuration is not guaranteed
to be safe regarding infrigements with public cellular service.
- GSM.Band: using a different band than the one used in your country is not an
adequate safeguard, because most gsm handsets out there today are mostly tri- or
quad-band, even using a band that's not normaly used locally, won't protect you
from a handset trying to use your basestation (for example to do an SOS
call).
- GSM.MCC and GSM.MNC: use 001/01 or with some other set of identity
parameters that have been designated for use by test networks in your country.
Do not use the same MCC and MNC as any of your local public
network operators, even if you are in a different band. That is spoofing and it
can lead to serious legal problems.
List of MCC/MNC on Wikipedia https://secure.wikimedia.org/wikipedia/en/wiki/Mobile_Network_Code
- GSM.RACH.AC 0x400: indicate no support for SOS calls, however, many phones
ignore that bit and will attempt SOS calls anyway, so it is not an adequate
safeguard.
- GSM.ARFCN: check both uplink and downlink frequencies are unoccupied (e.g
use usrp_fft.py). [But this is not sufficient to make it safe].
- Control.OpenRegistration: remove open registration to forbid unknown devices
from registering to your network.
注:OpenBTSSafeOperation(原文出处,翻译整理仅供参考!) |