Diffstat (limited to 'src/lib/protocols/http.c')
-rw-r--r--src/lib/protocols/http.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 9b151c3b6..1b3ea7f66 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -679,8 +679,18 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
ndpi_hostname_sni_set(flow, packet->host_line.ptr, packet->host_line.len);
flow->extra_packets_func = NULL; /* We're good now */
- if(strlen(flow->host_server_name) > 0) ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1);
-
+ if(strlen(flow->host_server_name) > 0) {
+ ndpi_check_dga_name(ndpi_struct, flow, flow->host_server_name, 1);
+
+ if(ndpi_is_valid_hostname(flow->host_server_name,
+ strlen(flow->host_server_name)) == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+
+ /* This looks like an attack */
+ ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT);
+ }
+ }
+
if(packet->forwarded_line.ptr) {
if(flow->http.nat_ip == NULL) {
len = packet->forwarded_line.len;
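Review bot: The new validity check inspects `flow->host_server_name`, the copy produced by `ndpi_hostname_sni_set()` two lines earlier, rather than the raw `packet->host_line`; if that setter truncates or normalizes the value (not visible in this hunk), invalid bytes in a long Host header may never reach `ndpi_is_valid_hostname()`, so it is worth confirming this or validating `packet->host_line.ptr` and `.len` directly. Setting `NDPI_POSSIBLE_EXPLOIT` unconditionally next to `NDPI_INVALID_CHARACTERS` means every malformed Host value is reported as an exploit attempt, and `/* This looks like an attack */` does not record why; a comment such as `/* Host contains characters not allowed in a hostname; treated as a likely injection attempt */` would help whoever triages the resulting alerts. The length is also computed up to three times on the same string, which `size_t host_len = strlen(flow->host_server_name);` before the `if` would avoid. The enclosing function starts and ends outside the hunk.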