Better DGA detection (slightly decreased accuracy)

author: Luca Deri <deri@ntop.org> 2021-03-20 17:56:24 +0100
committer: Luca Deri <deri@ntop.org> 2021-03-20 17:56:24 +0100
commit: 627299e4ddd7d39fcc7ce8cd703be0ed8f92da4a (patch)
tree: 1cc856b772fb5f56a84df4fb631b468237dd81e1 /src/lib/ndpi_main.c
parent: 6333bb1702619d29e7f6ce2acf9091c0ccc436c9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 50fccbefa..f4b949b2b 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -7464,7 +7464,7 @@ uint8_t ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
 	     - https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
 	     - http://ubiqx.org/cifs/NetBIOS.html
 	   */
-	   || (max_domain_element_len >= 19 /* word too long. Example bbcbedxhgjmdobdprmen.com */)
+	   || ((max_domain_element_len >= 19 /* word too long. Example bbcbedxhgjmdobdprmen.com */) && ((num_char_repetitions > 1) || (num_digits > 1)))	       
 	   ) {
 	  if(flow) ndpi_set_risk(flow, NDPI_SUSPICIOUS_DGA_DOMAIN);
author	Luca Deri <deri@ntop.org>	2021-03-20 17:56:24 +0100
committer	Luca Deri <deri@ntop.org>	2021-03-20 17:56:24 +0100
commit	627299e4ddd7d39fcc7ce8cd703be0ed8f92da4a (patch)
tree	1cc856b772fb5f56a84df4fb631b468237dd81e1 /src/lib/ndpi_main.c
parent	6333bb1702619d29e7f6ce2acf9091c0ccc436c9 (diff)