fix false positive on identity requested without attach described in #557

Cooper Quintin
2025-08-22 14:10:09 -07:00
committed by Cooper Quintin
parent a5ec1c9505
commit 515bb40a76


@@ -56,15 +56,25 @@ impl ImsiRequestedAnalyzer {
self.timeout_counter = 0;
}
// IMSI or IMEI requetsed after auth accept
(State::AuthAccept, State::IdentityRequest) => {
self.flag = Some(Event {
event_type: EventType::High,
message: format!(
"Identity requested after auth request (frame {})",
self.packet_num
),
});
}
// Unexpected IMSI without AttachRequest
(current, State::IdentityRequest) if *current != State::AttachRequest => {
(State::Disconnect, State::IdentityRequest) => {
self.flag = Some(Event {
event_type: EventType::High,
message: format!(
"Identity requested without Attach Request (frame {})",
self.packet_num
)
.to_string(),
),
});
}
@@ -76,6 +86,17 @@ impl ImsiRequestedAnalyzer {
"Disconnected after Identity Request without Auth Accept (frame {})",
self.packet_num
)
});
}
// Notify on any identity reqeust (IMEI or IMSI)
(_, State::IdentityRequest) => {
self.flag = Some(Event {
event_type: EventType::Informational,
message: format!(
"Identity Request happened but its not suspicious yet. (frame {})",
self.packet_num
)
.to_string(),
});
self.timeout_counter = 0;
@@ -105,7 +126,7 @@ impl Analyzer for ImsiRequestedAnalyzer {
}
fn get_version(&self) -> u32 {
2
3
}
fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event> {
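Review bot: The new High arm in the first hunk matches `(State::AuthAccept, State::IdentityRequest)` and its comment says "after auth accept", but the message reads "Identity requested after auth request", so the alert names a different step than the one that fired; I would change it to `"Identity requested after Auth Accept (frame {})",` and fix "requetsed" in the comment. The same hunk narrows the "without Attach Request" arm from every predecessor other than `State::AttachRequest` to `State::Disconnect` only, so any other predecessor now falls through to the Informational catch-all added in the second hunk. No tests are visible on this page, so a regression test for the #557 sequence plus one per High arm would pin that boundary. The catch-all `(_, State::IdentityRequest)` only works while it sits below the specific arms, which deserves a comment such as `// Must stay after the High arms above: match takes the first arm that fits`. The enclosing match starts and ends outside these hunks.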