authorLuca <deri@ntop.org>2022-02-03 09:17:54 +0100
committerLuca <deri@ntop.org>2022-02-03 09:17:54 +0100
commit37ff626e78149b4eb877b042672801b58d797100 (patch)
tree7654aeb95ebd3761a18ab49176d82bad1785f962 /wireshark
parentcd3d720ae36e943a3e9ddd7275b983df6c6652d0 (diff)
Added new IDN/Punycode risk for spotting internationalized domain names
Diffstat (limited to 'wireshark')
-rw-r--r--wireshark/ndpi.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index ff6c255d0..dfda193ec 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -80,6 +80,7 @@ flow_risks[38] = ProtoField.bool("ndpi.flow_risk.dns_fragmented", "DNS fragmente
flow_risks[39] = ProtoField.bool("ndpi.flow_risk.invalid_characters", "Invalid characters", num_bits_flow_risks, nil, bit(7), "nDPI Flow Risk: Text contains non-printable characters")
flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Exploit", num_bits_flow_risks, nil, bit(8), "nDPI Flow Risk: Possible exploit detected")
flow_risks[41] = ProtoField.bool("ndpi.flow_risk.cert_about_to_expire", "TLS cert about to expire", num_bits_flow_risks, nil, bit(9), "nDPI Flow Risk: TLS certificate about to expire")
+flow_risks[42] = ProtoField.bool("ndpi.flow_risk.punycode_idn", "IDN Domain Name", num_bits_flow_risks, nil, bit(10), "nDPI Flow Risk: IDN Domain Name")
-- Last one: keep in sync the bitmask when adding new risks!!
flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(10))
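Review bot: The `Unused` mask on the last line of the hunk is still `bit(32) - bit(10)` although the added `flow_risks[42]` now claims `bit(10)`, so the two fields appear to overlap, which is what the "keep in sync the bitmask" comment warns about. `bit()` is defined outside the hunk, but for any power-of-two helper that difference still contains the `bit(10)` position, so a flow flagged as IDN/Punycode would also show a non-zero `ndpi.flow_risk.unused` and a display filter on that field would match it. I would change the mask to `bit(32) - bit(11)`. The new field's description only repeats its label; wording such as `"nDPI Flow Risk: IDN/Punycode domain name (possible lookalike domain)"` would tell an analyst why the flag matters.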