author: Toni <matzeton@googlemail.com> 2021-10-26 21:34:01 +0200
committer: GitHub <noreply@github.com> 2021-10-26 21:34:01 +0200
commit: 41765efcf8159fd8b9dcf4ceca60fbd37e6e79e8 (patch)
tree: 2a9f9993e91b4aa4e6f8c5f438d59fb0bc07ab93 /doc
parent: 5ccc61d1cb3fd328aa9eb22cfc7eb3c020a3761e (diff)
Detect invalid characters in text and set a risk. Fixes #1347. (#1363)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'doc')
-rw-r--r-- doc/flow_risks.rst 7
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst
index aa07aaa89..e4546307e 100644
--- a/doc/flow_risks.rst
+++ b/doc/flow_risks.rst
@@ -234,3 +234,10 @@ NDPI_DNS_FRAGMENTED
UDP `DNS <https://en.wikipedia.org/wiki/Domain_Name_System>`_ packets cannot be fragmented. If so, this indicates a potential security risk (e.g. use DNS to carry data) or a misconfiguration.
+.. _Risk 039:
+
+NDPI_INVALID_CHARACTERS
+=======================
+The risk is set whenever a dissected protocol contains characters not allowed in that protocol field.
+For example a DNS hostname must only contain a subset of all printable characters or else this risk is set.
+Additionally, some TLS protocol fields are checked for printable characters as well.
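Review bot: The last two sentences of the new NDPI_INVALID_CHARACTERS section do not say what is actually checked: "a subset of all printable characters" leaves the allowed DNS hostname character set undefined, and "some TLS protocol fields" names no field. Suggest listing the checked fields and the accepted character set for each, so that someone who sees this risk on a flow can tell which field triggered it and whether it is worth investigating. A comma after "For example" would also read better.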