author | Paulo Angelo <pa@pauloangelo.com> | 2017-08-09 14:17:07 -0300 |
---|---|---|
committer | Paulo Angelo <pa@pauloangelo.com> | 2017-08-09 14:17:07 -0300 |
commit | d8ed5b10052f141624f4840fbfdb8f1f5f20f6fc (patch) | |
tree | eb0b57a5bfbd8b7d718cdea0333e768fda16f9b3 | |
parent | 93ceb14302f38c24fc5cfc67e7f6ae3b218e89c9 (diff) |
final revision.
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 4 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index c357cdbc0..54043d581 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -7984,7 +7984,7 @@ static ndpi_network host_protocol_list[] = {
 - Web sites (and CDNs) which are not commonly used to host malicious activities. - OS update hosts. - App stores.
- - Commonly used services in encrypted channels (SMTPS, POPS, etc)
+ - Commonly used services with passwords in encrypted channels (SMTPS, POPS, etc)
 NDPI_PROTOCOL_ACCEPTABLE - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html),
@@ -7994,7 +7994,6 @@ static ndpi_network host_protocol_list[] = {
 - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). - Ads services are commonly used to spread malware (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/)
- - Commonly used services in unencrypted channels (SMTP, POP, etc)
 NDPI_PROTOCOL_FUN - Social media sites and services.
@@ -8010,6 +8009,7 @@ static ndpi_network host_protocol_list[] = {
 - https://www.scmagazine.com/600-plus-cloud-repositories-spotted-hosting-malware-and-malicious-files/article/572205/ - https://howtoremove.guide/remove-s3-amazonaws-virus/ - Torrents.
+ - Commonly used services with passwords in unencrypted channels (SMTP, POP, etc)
 NDPI_PROTOCOL_POTENTIALLY_DANGEROUS - Tor and other anonymization access.
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 3eb043db7..228b4606f 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -704,7 +704,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_CONTROL,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL,
 no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */,
@@ -714,7 +714,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_POP,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP,
 no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */,
@@ -734,7 +734,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_IMAP,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP,
 no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */,
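Review bot: Marking FTP_CONTROL, POP3 and IMAP as `NDPI_PROTOCOL_UNSAFE` in the default table (this hunk and the ones at -714 and -734) ties the verdict to the protocol id, yet all three can upgrade to TLS on the same default port (AUTH TLS on 21, STLS on 110, STARTTLS on 143), so a session that protects its login would presumably be reported as unsafe too. If that over-reporting is intended, say so above each changed call, e.g. `/* cleartext login by default; an in-band TLS upgrade is not distinguished here */`. The comment in ndpi_content_match.c.inc names SMTP as an example of the unsafe class, but no SMTP entry is touched in this diff, so it is worth confirming that `NDPI_PROTOCOL_MAIL_SMTP` already carries the same classification. ndpi_init_protocol_defaults starts and ends outside these hunks.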
@@ -1275,7 +1275,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_PPTP,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP,
 no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, |
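Review bot: Moving PPTP from `NDPI_PROTOCOL_POTENTIALLY_DANGEROUS` to `NDPI_PROTOCOL_ACCEPTABLE` looks too lenient next to the rest of this commit, which downgrades protocols whose passwords are not adequately protected in transit. PPTP normally authenticates with MS-CHAPv2 and encrypts with MPPE, and both have long-published weaknesses that make credentials recoverable from captured traffic. By the same criterion the consistent choice would arguably be `ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_PPTP,`. If ACCEPTABLE is deliberate because a VPN is not an anonymiser, a one-line comment above the call giving that reason would help. The enclosing function continues outside the hunk.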