authorLuca Deri <deri@ntop.org>2020-09-21 19:57:23 +0200
committerLuca Deri <deri@ntop.org>2020-09-21 19:57:23 +0200
commit60a9f6610d7b15c33ecd8db865cf8f7519ad0ef0 (patch)
tree9dbe80b23501ba77cd9bfc782d7ae34ec16b3381 /src/lib/ndpi_utils.c
parent0259ff58e13d94ee497d07072505c94ee8144a42 (diff)
Added risks for checking
- invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r--src/lib/ndpi_utils.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 8360dd789..b96f52531 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1708,6 +1708,12 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_UNSAFE_PROTOCOL:
return("Unsafe Protocol");
+ case NDPI_DNS_SUSPICIOUS_TRAFFIC:
+ return("Suspicious DNS traffic"); /* Exfiltration ? */
+
+ case NDPI_TLS_MISSING_SNI:
+ return("SNI TLS extension was missing");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
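Review bot: The `/* Exfiltration ? */` comment on the NDPI_DNS_SUSPICIOUS_TRAFFIC case is a question rather than documentation, and the label "Suspicious DNS traffic" does not say what was observed, whereas the commit message describes the trigger as invalid DNS traffic. Anyone triaging an alert from this string needs the condition, so I would replace the comment with something like `/* DNS traffic that failed validation; may be carrying exfiltrated data */`. The NDPI_TLS_MISSING_SNI label is a full sentence beside noun-phrase labels such as "Unsafe Protocol"; `return("Missing TLS SNI Extension");` would match the neighbouring style. A one-line comment there saying the risk is an indicator to be correlated with other signals, not proof of abuse, would also help, though that is my reading and is not stated in the hunk. ndpi_risk2str starts and ends outside this hunk.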