Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION risk to remote protocols for remote assistance sessions

author: Luca Deri <deri@ntop.org> 2021-04-12 18:11:14 +0200
committer: Luca Deri <deri@ntop.org> 2021-04-12 18:11:14 +0200
commit: 18c6c1c2d68c4cc185d4c2fa0583776edf523042 (patch)
tree: 742591a0d5fd4c68a7714c5184f314379d779e41 /src/lib/ndpi_main.c
parent: bf318e0b86ecfe88db3c15ed7ae285b43e51c304 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index baf076a75..3ae724391 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4180,7 +4180,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
   flow->packet.l4_packet_len = l4len;
   flow->l4_proto = l4protocol;
 
-  /* tcp / udp detection */
+  /* TCP / UDP detection */
   if(l4protocol == IPPROTO_TCP && flow->packet.l4_packet_len >= 20 /* min size of tcp */) {
     /* tcp */
     flow->packet.tcp = (struct ndpi_tcphdr *) l4ptr;
@@ -5035,6 +5035,8 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
     }
 #endif
 
+    // printf("====>> %u.%u [%u]\n", ret->master_protocol, ret->app_protocol, flow->detected_protocol_stack[0]);
+    
     switch(ret->app_protocol) {
       /*
       Skype for a host doing MS Teams means MS Teams
@@ -5077,6 +5079,11 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
 	}
       }
       break;
+
+    case NDPI_PROTOCOL_ANYDESK:
+      if(flow->packet.tcp) /* TCP only */
+	ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance */
+      break;
     } /* switch */
 
     if(flow) {
author	Luca Deri <deri@ntop.org>	2021-04-12 18:11:14 +0200
committer	Luca Deri <deri@ntop.org>	2021-04-12 18:11:14 +0200
commit	18c6c1c2d68c4cc185d4c2fa0583776edf523042 (patch)
tree	742591a0d5fd4c68a7714c5184f314379d779e41 /src/lib/ndpi_main.c
parent	bf318e0b86ecfe88db3c15ed7ae285b43e51c304 (diff)