Mirror/rayhunter
1
0
Fork 0
mirror of https://github.com/EFForg/rayhunter.git synced 2026-04-27 07:59:59 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
5dfbeaef64fb917b99fb10c431690fc5a0adf429
rayhunter/doc/heuristics.md
Markus Unterwaditzer 86e08f9a85 Allow enabling/disabling analyzers from config file (#382) 
Co-authored-by: Will Greenberg <willg@eff.org>
2025-06-10 21:37:38 +02:00

16 lines
883 B
Markdown
Raw Blame History

# Heuristics
Rayhunter includes several analyzers to detect potential IMSI catcher activity. These can be enabled and disabled in your [config.toml](https://github.com/EFForg/rayhunter/blob/main/dist/config.toml.example) file.
## Available Analyzers
- **IMSI Requested**: Tests whether the ME sends an IMSI Identity Request NAS message
- **Connection Release/Redirected Carrier 2G Downgrade**: Tests if a cell
releases our connection and redirects us to a 2G cell. This heuristic only
makes sense in the US, European users may want to disable it.
- **LTE SIB6/7 Downgrade**: Tests for LTE cells broadcasting a SIB type 6 and 7
which include 2G/3G frequencies with higher priorities
- **Null Cipher** (disabled by default): Tests whether the cell suggests using a null cipher (EEA0).
This is currently disabled by default due to a parsing bug triggering false
positives.
Reference in New Issue View Git Blame Copy Permalink