authorLuca Deri <deri@ntop.org>2022-06-13 23:42:07 +0200
committerLuca Deri <deri@ntop.org>2022-06-13 23:42:07 +0200
commit7a172ce11e0b8ebef5af842fc9bc1be6fc3ecc0c (patch)
treef1f207c2c39a13b2333aa98f1e24257ae280c0db
parentcf5873ffd72ba8b530429bda3c8931f9ada33747 (diff)
Added check for DGA names that resolve to a valid record
-rw-r--r--src/lib/protocols/dns.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index bdc0384be..784dd2f52 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -258,6 +258,10 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
snprintf(str, sizeof(str), "DNS Error Code %d", flow->protos.dns.reply_code);
ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED, str);
+ } else {
+ if(ndpi_isset_risk(ndpi_struct, flow, NDPI_SUSPICIOUS_DGA_DOMAIN)) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_RISKY_DOMAIN, "DGA Name Query with no Error Code");
+ }
}
if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */