authorLuca Deri <deri@ntop.org>2020-09-21 19:57:23 +0200
committerLuca Deri <deri@ntop.org>2020-09-21 19:57:23 +0200
commit60a9f6610d7b15c33ecd8db865cf8f7519ad0ef0 (patch)
tree9dbe80b23501ba77cd9bfc782d7ae34ec16b3381 /src/include
parent0259ff58e13d94ee497d07072505c94ee8144a42 (diff)
Added risks for checking
- invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_typedefs.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index beef59fee..7094ef9a6 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -68,7 +68,7 @@ typedef enum {
NDPI_TLS_OBSOLETE_VERSION,
NDPI_TLS_WEAK_CIPHER,
NDPI_TLS_CERTIFICATE_EXPIRED,
- NDPI_TLS_CERTIFICATE_MISMATCH,
+ NDPI_TLS_CERTIFICATE_MISMATCH, /* 10 */
NDPI_HTTP_SUSPICIOUS_USER_AGENT,
NDPI_HTTP_NUMERIC_IP_HOST,
NDPI_HTTP_SUSPICIOUS_URL,
@@ -78,9 +78,11 @@ typedef enum {
NDPI_MALFORMED_PACKET,
NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER,
NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER,
- NDPI_SMB_INSECURE_VERSION,
+ NDPI_SMB_INSECURE_VERSION, /* 20 */
NDPI_TLS_SUSPICIOUS_ESNI_USAGE,
NDPI_UNSAFE_PROTOCOL,
+ NDPI_DNS_SUSPICIOUS_TRAFFIC,
+ NDPI_TLS_MISSING_SNI,
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 31 due to (**) */
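Review bot: The limit on `NDPI_MAX_RISK` is enforced only by the trailing comment `/* must be <= 31 due to (**) */`, and the two members added ahead of it move the enum closer to that limit (to 25, if the hand-written `/* 20 */` marker is accurate). If (**) refers to a 32-bit risk bitmap, as the limit suggests, a later addition past 31 would still compile and the extra risk would be dropped or alias another flag, leaving a silent detection gap. A compile-time check placed after the typedef would catch that, for example `typedef char ndpi_risk_fits_bitmap[(NDPI_MAX_RISK <= 31) ? 1 : -1];`. The `/* 10 */` and `/* 20 */` markers cannot be verified from here because the enum starts and ends outside the hunk. Any per-risk name or description table outside src/include also needs entries for `NDPI_DNS_SUSPICIOUS_TRAFFIC` and `NDPI_TLS_MISSING_SNI`; the diffstat shown is limited to this directory, so that part is not visible.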