author | Luca <deri@ntop.org> | 2022-02-03 09:17:54 +0100 |
---|---|---|
committer | Luca <deri@ntop.org> | 2022-02-03 09:17:54 +0100 |
commit | 37ff626e78149b4eb877b042672801b58d797100 (patch) | |
tree | 7654aeb95ebd3761a18ab49176d82bad1785f962 /src/lib | |
parent | cd3d720ae36e943a3e9ddd7275b983df6c6652d0 (diff) |
Added new IDN/Punycode risk for spotting internationalized domain names
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ndpi_main.c | 11 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 063b65a54..a72eff8b8 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -110,6 +110,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
 { NDPI_INVALID_CHARACTERS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
 { NDPI_POSSIBLE_EXPLOIT, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE },
 { NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE },
+ { NDPI_PUNYCODE_IDN, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE },
 /* Leave this as last member */
 { NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
@@ -7246,11 +7247,13 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
 memset(ret_match, 0, sizeof(*ret_match));
- rc = ndpi_automa_match_string_subprotocol(ndpi_str, flow, string_to_match, string_to_match_len,
+ rc = ndpi_automa_match_string_subprotocol(ndpi_str, flow,
+ string_to_match, string_to_match_len,
 master_protocol_id, ret_match);
 id = ret_match->protocol_category;
- if(ndpi_get_custom_category_match(ndpi_str, string_to_match, string_to_match_len, &id) != -1) {
+ if(ndpi_get_custom_category_match(ndpi_str, string_to_match,
+ string_to_match_len, &id) != -1) {
 /* if(id != -1) */ {
 flow->category = ret_match->protocol_category = id;
 rc = master_protocol_id;
@@ -7266,6 +7269,10 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
 ndpi_set_risk(ndpi_str, flow, NDPI_RISKY_DOMAIN);
 }
+ /* Add punycode check */
+ if(ndpi_strnstr(string_to_match, "xn--", string_to_match_len))
+ ndpi_set_risk(ndpi_str, flow, NDPI_PUNYCODE_IDN);
+
 return(rc);
 }
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 521e57615..dea83dbdc 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
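Review bot: The punycode check added at the end of ndpi_match_host_subprotocol() in src/lib/ndpi_main.c flags any hostname that contains `xn--` anywhere, but the ACE prefix only marks an internationalized label when it starts a label, so a name with `xn--` in the middle of a label is reported as an IDN. The match also looks case-sensitive (ndpi_strnstr is not shown here, so this is inferred), while DNS names compare case-insensitively; unless callers lowercase the host first, an `XN--` label would not raise NDPI_PUNYCODE_IDN. I would anchor the test to label boundaries and compare the prefix without regard to case, as sketched below. The sketch assumes string_to_match is a char buffer of string_to_match_len bytes, which the existing call suggests but the hunk does not show. The function starts outside the hunk.

```c
  /* Add punycode check: flag only labels that begin with the ACE prefix */
  {
    u_int i;

    for(i = 0; i + 4 <= string_to_match_len; i++) {
      if((i == 0 || string_to_match[i - 1] == '.')
         && strncasecmp(&string_to_match[i], "xn--", 4) == 0) {
        ndpi_set_risk(ndpi_str, flow, NDPI_PUNYCODE_IDN);
        break;
      }
    }
  }

  return(rc);
```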
@@ -1844,6 +1844,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 case NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE:
 return("TLS Certificate About To Expire");
 break;
+
+ case NDPI_PUNYCODE_IDN:
+ return("IDN Domain Name");
+ break;
 default:
 snprintf(buf, sizeof(buf), "%d", (int)risk); |
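Review bot: The label returned for NDPI_PUNYCODE_IDN, `return("IDN Domain Name");`, expands to "internationalized domain name domain name" and never mentions Punycode, although both the enum name and the commit title do. This string is what ndpi_risk2str() hands to whatever prints the risk, so a label such as `return("Punycode IDN");` would tell an analyst more directly what was observed in the hostname. The switch continues outside the hunk.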