diff options
| author | Alfredo Cardigliano <cardigliano@ntop.org> | 2024-09-02 18:11:02 +0200 |
|---|---|---|
| committer | Alfredo Cardigliano <cardigliano@ntop.org> | 2024-09-02 18:11:02 +0200 |
| commit | 2d040247a77c96a8411477e8ad38c0e07a5e1b54 (patch) | |
| tree | 39df9bae336b8b1f545c864575fe195fcbcbfd96 | |
| parent | bcce6beee493862175b8707b2433da7184fcba62 (diff) | |
Update doc
| -rw-r--r-- | doc/flow_risks.rst | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index 47a992392..b84bda0fa 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -170,9 +170,9 @@ This is a placeholder for traffic exchanged with domain names that are considere .. _Risk 028: -NDPI_MALICIOUS_JA3 -================== -`JA3 <https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967>`_ is a method to fingerprint TLS traffic. This risk indicates that the JA3 of the TLS connection is considered suspicious (i.e. it has been found in known malware JA3 blacklists). nDPI does not fill this risk that instead should be filled by aplications sitting on top of nDPI (e.g. ntopng). +NDPI_MALICIOUS_FINGERPRINT +========================== +This risk indicates that the Fingerprint of the TLS connection is considered suspicious. nDPI does not fill this risk that instead should be filled by aplications sitting on top of nDPI (e.g. ntopng). .. _Risk 029: |