authorToni Uhlig <matzeton@googlemail.com>2021-10-26 11:52:01 +0200
committerToni Uhlig <matzeton@googlemail.com>2021-10-26 11:52:01 +0200
commit2efb1a8084ad93dc715ff93419f0bc8b2ab6cc4d (patch)
treea6078b9318786a7702eb00ba6e3170066fe89469 /src
parent3ffb65a81c2e61650646d7382c8779f814993d0b (diff)
Added FastFlux risk.add/fast-flux-risk
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c1
-rw-r--r--src/lib/ndpi_utils.c5
3 files changed, 6 insertions, 1 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 123c9edec..6ce36a123 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -118,6 +118,7 @@ typedef enum {
NDPI_CLEAR_TEXT_CREDENTIALS,
NDPI_DNS_LARGE_PACKET,
NDPI_DNS_FRAGMENTED,
+ NDPI_DNS_FAST_FLUX,
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
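Review bot: `NDPI_DNS_FAST_FLUX` is added without a comment stating which observation raises it, and the three files in this diffstat only declare, score and name the risk; none of them sets it. The diffstat is limited to `src`, so a detector may exist elsewhere, but if it does not, the risk can never appear on a flow. I would add a short comment on the new member, e.g. `/* heuristic: set by the DNS dissector when <criteria> */` with the real criteria filled in, so consumers of the risk bitmap know what the bit means. The enum starts and ends outside the hunk, so the `<= 63` limit noted on `NDPI_MAX_RISK` cannot be checked from here.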
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index d0ff8c486..6b54a70e2 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -106,6 +106,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_CLEAR_TEXT_CREDENTIALS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_DNS_LARGE_PACKET, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
{ NDPI_DNS_FRAGMENTED, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
+ { NDPI_DNS_FAST_FLUX, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
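Review bot: The new entry scores `NDPI_DNS_FAST_FLUX` as `NDPI_RISK_HIGH`, the same level as `NDPI_CLEAR_TEXT_CREDENTIALS`, although the label added in `ndpi_risk2str` only calls it a "Possible" fast-flux botnet. Fast-flux heuristics are known to also match CDNs and other legitimately load-balanced names, so a high score on a heuristic match is likely to inflate flow risk scores and alert volume. Unless the detector is much stricter than the label suggests, `{ NDPI_DNS_FAST_FLUX, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },` would match the two DNS entries above it; otherwise a comment justifying the high severity would help. The array starts and ends outside the hunk.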
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 9839d8863..cd0e9db8d 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1791,7 +1791,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_DNS_FRAGMENTED:
return("Fragmented DNS message");
-
+
+ case NDPI_DNS_FAST_FLUX:
+ return("Possible Fast-Flux botnet");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
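Review bot: The label `"Possible Fast-Flux botnet"` states a conclusion rather than the observation, unlike the neighbouring `"Fragmented DNS message"`, so an analyst triaging the flow learns nothing about what was seen in the DNS traffic. A string that describes the observation, for example `return("Possible DNS Fast-Flux pattern");`, would fit the other DNS risks and leave attribution to the consumer. The `-`/`+` pair of blank lines before the new `case` looks like a whitespace-only change, probably introducing trailing whitespace, and could be dropped from the commit. `ndpi_risk2str` starts before the hunk and continues past it.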