Hunting Stingrays
If you wanted to go out and hunt stingray-style IMSI catchers, there are a few techniques I can suggest:
a) look at the broadcast data. GSM broadcast data is all "in the clear" for example global paging, neighbour cell lists and the like. A simulated basestation will stick out like a sore thumb especially if you probe the paging by calling an MS attached to the (real) network.
b) suspect failure of TMSI hand-in to the cell - this is designed to fall back to IMSI procedures to reveal the handset's identity.
c) challenge the network - get GPRS attached and make sure the network is authentic - it should firewall you in the same way as the real network. There are usually some subtle properties that are hard to get "just right".
You'll probably want to do all this stuff on a secondhand mobile phone with a PAYG SIM bought with cash in a corner shop with no CCTV . A phone with an aerial socket will be handy - you can attach a yagi antenna for some direction-finding.
Happy hunting!