From 05a4fe955ebe1eb79388025bc40dc8320c209bf5 Mon Sep 17 00:00:00 2001
From: frank <francescocaccavale95@gmail.com>
Date: Thu, 24 Aug 2023 10:40:09 +0200
Subject: [PATCH] new id suci

---
 mmt-security.conf                                         | 2 +-
 rules/108.http2_payload_fuzzing.xml                       | 8 ++++----
 rules/{80.nas_suci_attack.xml => 112.nas_suci_attack.xml} | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename rules/{80.nas_suci_attack.xml => 112.nas_suci_attack.xml} (97%)

diff --git a/mmt-security.conf b/mmt-security.conf
index d1ed64f..394c780 100644
--- a/mmt-security.conf
+++ b/mmt-security.conf
@@ -1,5 +1,5 @@
 # maximum size, in bytes, of a report received from mmt-probe
-input.max_message_size 32824
+input.max_message_size 3000
 
 # number of fsm instances of one rule
 security.max_instances 100000
diff --git a/rules/108.http2_payload_fuzzing.xml b/rules/108.http2_payload_fuzzing.xml
index 339e253..3deb773 100644
--- a/rules/108.http2_payload_fuzzing.xml
+++ b/rules/108.http2_payload_fuzzing.xml
@@ -15,19 +15,19 @@ static bool em_check_fuzzing(int payload_length, const char* payload, double pac
 
 	//char*data;
 	//data=(char*)payload_data;
-	printf("payload length %d \n",payload_length);
+	//printf("payload length %d \n",payload_length);
 	bool result=false;
 	for (int i = 9; i < payload_length + 9 ; i++) {
 		//printf("  %02hhX ",payload[i]);
-		printf("  %c",payload[i]);
+		//printf("  %c",payload[i]);
 		if((payload[i]=='\\')|| payload[i]=='#' || (payload[i]=='%') || (payload[i]=='$')){
 			result=true;
 
-			 printf( " Rule 98:Recognized suspect fuzzing. Length %d  %f\n",payload_length,packet_id);
+			// printf( " Rule 98:Recognized suspect fuzzing. Length %d  %f\n",payload_length,packet_id);
 			 break;
 			}
 	}
-	printf("\n");
+	//printf("\n");
 	return result;
 }
 
diff --git a/rules/80.nas_suci_attack.xml b/rules/112.nas_suci_attack.xml
similarity index 97%
rename from rules/80.nas_suci_attack.xml
rename to rules/112.nas_suci_attack.xml
index 960b403..59d6a60 100644
--- a/rules/80.nas_suci_attack.xml
+++ b/rules/112.nas_suci_attack.xml
@@ -50,7 +50,7 @@ static inline bool em_5g_check_msg_throughput( const void *data ){
 	return (counter >= limit_5g_suci_requests_per_ms);
 }
 ]]></embedded_functions>
-<property value="THEN" delay_units="ms" delay_min="0" delay_max="1000" property_id="80" type_property="ATTACK" 
+<property value="THEN" delay_units="ms" delay_min="0" delay_max="1000" property_id="112" type_property="ATTACK" 
     description="5G SUCI attack recognition">
     <event value="COMPUTE" event_id="1" 
         description="Detected SUCI attack"