diff options
| author | Luca Deri <deri@ntop.org> | 2024-08-25 11:34:43 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-08-25 11:34:43 +0200 |
| commit | bad0e60813e0b23a0cd96c92e58b9caa08eb8dec (patch) | |
| tree | 89df9e23d177fd83534cd3b1c7830dbc930489d3 /src | |
| parent | f7ee92c690ebce8841f1ab973b3d63146952f912 (diff) | |
Changed NDPI_MALICIOUS_JA3 to NDPI_MALICIOUS_FINGERPRINT
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 2 |
4 files changed, 6 insertions, 6 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a03e3d986..7e88aab8d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -139,7 +139,7 @@ typedef enum { NDPI_HTTP_SUSPICIOUS_CONTENT, NDPI_RISKY_ASN, NDPI_RISKY_DOMAIN, - NDPI_MALICIOUS_JA3, + NDPI_MALICIOUS_FINGERPRINT, NDPI_MALICIOUS_SHA1_CERTIFICATE, NDPI_DESKTOP_OR_FILE_SHARING_SESSION, /* 30 */ NDPI_TLS_UNCOMMON_ALPN, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8973e5536..2ffe6442c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -168,7 +168,7 @@ static ndpi_risk_info ndpi_known_risks[] = { { NDPI_HTTP_SUSPICIOUS_CONTENT, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, { NDPI_RISKY_ASN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, { NDPI_RISKY_DOMAIN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, - { NDPI_MALICIOUS_JA3, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, + { NDPI_MALICIOUS_FINGERPRINT, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_MALICIOUS_SHA1_CERTIFICATE, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, { NDPI_DESKTOP_OR_FILE_SHARING_SESSION, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE }, { NDPI_TLS_UNCOMMON_ALPN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, @@ -3499,7 +3499,7 @@ static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct NDPI_SUSPICIOUS_DGA_DOMAIN, NDPI_BINARY_APPLICATION_TRANSFER, NDPI_NUMERIC_IP_HOST, - NDPI_MALICIOUS_JA3, + NDPI_MALICIOUS_FINGERPRINT, NDPI_NO_RISK /* End */ }; u_int i; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 5de1b7107..e0fd63796 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2013,8 +2013,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_RISKY_DOMAIN: return("Risky Domain Name"); - case NDPI_MALICIOUS_JA3: - return("Malicious JA3 Fingerp."); + case NDPI_MALICIOUS_FINGERPRINT: + return("Malicious Fingerpint"); case NDPI_MALICIOUS_SHA1_CERTIFICATE: return("Malicious SSL Cert/SHA1 Fingerp."); diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 9fe2a460a..88f92d0d5 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -2875,7 +2875,7 @@ compute_ja3c: NULL); if(rc1 == 0) - ndpi_set_risk(flow, NDPI_MALICIOUS_JA3, flow->protos.tls_quic.ja3_client); + ndpi_set_risk(flow, NDPI_MALICIOUS_FINGERPRINT, flow->protos.tls_quic.ja3_client); } } |