aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r--src/lib/ndpi_main.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 4160a6e0e..2f53d9e48 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6069,9 +6069,14 @@ static void ndpi_check_tcp_flags(struct ndpi_detection_module_struct *ndpi_str,
if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN)
&& (flow->l4.tcp.srv2cli_tcp_flags & TH_RST)
- && (flow->all_packets_counter < 5 /* Ignore connections terminated by RST but that exchanged data */)
+ && (flow->all_packets_counter < 5 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */)
)
- ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "Connection refused");
+ ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "Connection refused (server)");
+ else if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN)
+ && (flow->l4.tcp.cli2srv_tcp_flags & TH_RST)
+ && (flow->all_packets_counter < 5 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */)
+ )
+ ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "Connection refused (client)");
else if((flow->l4.tcp.srv2cli_tcp_flags & TH_RST) && (flow->packet_direction_counter[1 /* server -> client */] == 1))
ndpi_set_risk(ndpi_str, flow, NDPI_TCP_ISSUES, "TCP probing attempt");
}
Powered by cgit, Themed by Ted Yin.