new id suci

Montimage · Aug 24, 2023 · 05a4fe9 · 05a4fe9
1 parent 2f3fb70
commit 05a4fe9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/mmt-security.conf b/mmt-security.conf
@@ -1,5 +1,5 @@
 # maximum size, in bytes, of a report received from mmt-probe
-input.max_message_size 32824
+input.max_message_size 3000
 
 # number of fsm instances of one rule
 security.max_instances 100000

diff --git a/rules/108.http2_payload_fuzzing.xml b/rules/108.http2_payload_fuzzing.xml
@@ -15,19 +15,19 @@ static bool em_check_fuzzing(int payload_length, const char* payload, double pac
 
 	//char*data;
 	//data=(char*)payload_data;
-	printf("payload length %d \n",payload_length);
+	//printf("payload length %d \n",payload_length);
 	bool result=false;
 	for (int i = 9; i < payload_length + 9 ; i++) {
 		//printf("  %02hhX ",payload[i]);
-		printf("  %c",payload[i]);
+		//printf("  %c",payload[i]);
 		if((payload[i]=='\\')|| payload[i]=='#' || (payload[i]=='%') || (payload[i]=='$')){
 			result=true;
 
-			 printf( " Rule 98:Recognized suspect fuzzing. Length %d  %f\n",payload_length,packet_id);
+			// printf( " Rule 98:Recognized suspect fuzzing. Length %d  %f\n",payload_length,packet_id);
 			 break;
 			}
 	}
-	printf("\n");
+	//printf("\n");
 	return result;
 }
 

diff --git a/rules/80.nas_suci_attack.xml → rules/112.nas_suci_attack.xml b/rules/80.nas_suci_attack.xml → rules/112.nas_suci_attack.xml
@@ -50,7 +50,7 @@ static inline bool em_5g_check_msg_throughput( const void *data ){
 	return (counter >= limit_5g_suci_requests_per_ms);
 }
 ]]></embedded_functions>
-<property value="THEN" delay_units="ms" delay_min="0" delay_max="1000" property_id="80" type_property="ATTACK" 
+<property value="THEN" delay_units="ms" delay_min="0" delay_max="1000" property_id="112" type_property="ATTACK" 
     description="5G SUCI attack recognition">
     <event value="COMPUTE" event_id="1" 
         description="Detected SUCI attack"