Methods, systems, and devices for wireless communication are described. A user equipment (UE) may be configured to include procedures to mitigate denial of service (DoS) attack by a rogue base station when the initial non-access stratum (NAS) messages between the UE and a mobility management entity (MME) is unprotected. UE may maintain a temporary forbidden network list, which resides outside a subscriber identity module (SIM), and update a forbidden network list, which resides on the SIM, only under certain conditions. For example, a visited network, from which the UE receives a reject message, may be added to the forbidden network list on the SIM only when a counter associated with the visited network is equal to a maximum counter value, which is configured by the UE.