[Gsmmap] False Positives

Alex Senier alex at srlabs.de
Mon Mar 30 20:42:50 CEST 2015


On 25/03/15 21:00, simson1312 at riseup.net wrote:

> Can the results be false-positives? How to investigate that?

Yes, the detection metric used by SnoopSnitch is a heuristic. As such,
it could produce false positives (e.g. due to misconfigured cells,
unexpected network behavior etc.). The get some idea about what was
going on, you could send me your App ID an I could look into your data
(if you uploaded it).

> My other Question is regarding the Null Paging warning. What does SS7
> Null Paging mean?

It is an artifact we saw during our SS7 attack research. Basically you
have a paging that is aborted (without any useful transaction like a
call or SMS happening). Again, this is just a heuristic.


SnoopSnitch maintainer

More information about the Gsmmap mailing list