The *Attacks* directory contains each of the attacks, each divided into its own subdirectory. Within each attack is a *\*.pcapng* file beginning with "Attacks_" that contains only the attack packets present in the "allcap" file. Files not beginning with "Attacks_" may contain some benign, incidental traffic.
55
55
56
-
## Surveillance Attacks
56
+
## Reconnaissance Attacks
57
57
58
58
### AMFLookingForUDM
59
59
This attack is performed by requesting information about the unified data management (UDM) network function while impersonating an access and mobility management function (AMF). Internally this attack appears to be a benign system request and exploits the fact that the network repository function (NRF) does not check if the source of the request is actually an AMF. This attack is performed with the following Linux command: