author | Luca Deri <deri@ntop.org> | 2022-12-17 19:36:00 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2022-12-17 19:36:00 +0100 |
commit | fb0a73c0c7725fbeafda18b816d72f0d2fd6bd02 (patch) | |
tree | d306fdc3a72b5883283cb65cfabc62f7c72bb9fb /doc/flow_risks.rst | |
parent | 3c4b12e061b61a79d9aa1da2ea6d166b37d51362 (diff) |
Updated description
Diffstat (limited to 'doc/flow_risks.rst')
-rw-r--r-- | doc/flow_risks.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index 936fb2550..541b6d045 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -213,7 +213,7 @@ This risk is triggered when a TLS fatal alert is detected in the TLS flow. See ` NDPI_SUSPICIOUS_ENTROPY ======================= -This risk is used to detect suspicious data carried in ICMP packets whose entropy (used to measure how data is distributed, hence to indirectly guess the type of data carried on) is suspicious and thus that it can indicate a data leak. +This risk is used to detect suspicious data carried in ICMP packets whose entropy (used to measure how data is distributed, hence to indirectly guess the type of data carried on) is suspicious and thus that it can indicate a data leak. Suspicious values indicate random entropy or entropy that is similar to encrypted traffic. In the latter case, this can be a suspicious data exfiltration symptom. .. _Risk 036: |
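Review bot: In the sentences added to the NDPI_SUSPICIOUS_ENTROPY paragraph, "random entropy" and "entropy that is similar to encrypted traffic" are presented as two separate cases, but both describe high-entropy payloads and an entropy value alone cannot tell them apart, so "In the latter case" leaves it unclear which condition is meant to signal exfiltration. Suggest merging them into one statement, for example "Suspicious values are those close to the entropy of random or encrypted data, which can be a symptom of data exfiltration", and either stating the range that is treated as suspicious or pointing to where it is defined, so a reader can interpret an alert. The unchanged clause "is suspicious and thus that it can indicate a data leak" is still ungrammatical and now overlaps with the new text about exfiltration; it could be tightened in the same change.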