diff options
| author | Luca Deri <deri@ntop.org> | 2021-12-23 21:30:16 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2021-12-23 21:30:16 +0100 |
| commit | c4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 (patch) | |
| tree | dcf5ab420ea7c835b1eb5eaf4be718d2f257a81b /doc | |
| parent | fdb6481cd6d019651faea6cdd962db099cbf20a3 (diff) | |
Added support for Log4J/Log4Shell detection in nDPI via a new flow risk named NDPI_POSSIBLE_EXPLOIT
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/flow_risks.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index e4546307e..417426e48 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -241,3 +241,9 @@ NDPI_INVALID_CHARACTERS The risk is set whenever a dissected protocol contains characters not allowed in that protocol field. For example a DNS hostname must only contain a subset of all printable characters or else this risk is set. Additionally, some TLS protocol fields are checked for printable characters as well. + +.. _Risk 040: + +NDPI_POSSIBLE_EXPLOIT +===================== +The risk is set whenever a a possible exploit (e.g. Log4J/Log4Shell) is detected. |