authorLuca Deri <deri@ntop.org>2021-12-23 21:30:16 +0100
committerLuca Deri <deri@ntop.org>2021-12-23 21:30:16 +0100
commitc4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 (patch)
treedcf5ab420ea7c835b1eb5eaf4be718d2f257a81b /wireshark/ndpi.lua
parentfdb6481cd6d019651faea6cdd962db099cbf20a3 (diff)
Added support for Log4J/Log4Shell detection in nDPI via a new flow risk named NDPI_POSSIBLE_EXPLOIT
Diffstat (limited to 'wireshark/ndpi.lua')
-rw-r--r--wireshark/ndpi.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index dce26f1d9..28e4fce8e 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -78,6 +78,7 @@ flow_risks[36] = ProtoField.bool("ndpi.flow_risk.clear_text_credentials", "Cleat
flow_risks[37] = ProtoField.bool("ndpi.flow_risk.dns_large_packet", "DNS large packet", num_bits_flow_risks, nil, bit(5), "nDPI Flow Risk: DNS packet is larger than 512 bytes")
flow_risks[38] = ProtoField.bool("ndpi.flow_risk.dns_fragmented", "DNS fragmented", num_bits_flow_risks, nil, bit(6), "nDPI Flow Risk: DNS message is fragmented")
flow_risks[39] = ProtoField.bool("ndpi.flow_risk.invalid_characters", "Invalid characters", num_bits_flow_risks, nil, bit(7), "nDPI Flow Risk: Text contains non-printable characters")
+flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Exploit", num_bits_flow_risks, nil, bit(8), "nDPI Flow Risk: Possible exploit detected")
-- Last one: keep in sync the bitmask when adding new risks!!
flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(8))
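Review bot: The "Unused" mask on the last context line is not kept in sync with the new field: `bit(32) - bit(8)` still covers bits 8..31, so bit 8 now belongs both to `ndpi.flow_risk.possible_exploit` and to `ndpi.flow_risk.unused`, and the unused field will light up whenever the new risk is set. The comment directly above it asks for exactly this update, so the line should become `flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(9))`. The bit choice itself looks consistent with the visible neighbours (37→bit(5), 38→bit(6), 39→bit(7), 40→bit(8)), presumably indexing the upper 32-bit word of the risk bitmap. The hunk header counts one more line than is shown here, so a trailing context line appears to be cut off.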