diff options
Diffstat (limited to 'src/lib/protocols/dns.c')
| -rw-r--r-- | src/lib/protocols/dns.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 784dd2f52..a0942badc 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -310,12 +310,8 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, rsp_type = get16(&x, packet->payload); rsp_ttl = ntohl(*((u_int32_t*)&packet->payload[x+2])); - if(rsp_ttl < 300) { - char buf[64]; - - snprintf(buf, sizeof(buf), "Low DNS Record TTL %d", rsp_ttl); - ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_SUSPICIOUS_TRAFFIC, buf); - } + if(rsp_ttl == 0) + ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_SUSPICIOUS_TRAFFIC, "DNS Record with zero TTL"); #ifdef DNS_DEBUG printf("[DNS] TTL = %u\n", rsp_ttl); |