Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/smb.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c
index b0255cb63..3733b3747 100644
--- a/src/lib/protocols/smb.c
+++ b/src/lib/protocols/smb.c
@@ -52,7 +52,19 @@ static void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct
 if(packet->payload[8] != 0x72) /* Skip Negotiate request */ {
 NDPI_LOG_INFO(ndpi_struct, "found SMBv1\n");
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_NETBIOS, NDPI_CONFIDENCE_DPI);
- ndpi_set_risk(flow, NDPI_SMB_INSECURE_VERSION, "Found SMBv1");
+
+ /*
+ Before we complain let's check if this is a broadacast message
+ as for broadcast we can tolerate v1 as it can be used to
+ discover old device versions.
+
+ As nDPI has not MAC address visibility (checking for destination MAC
+ FF:FF:FF:FF:FF:FF would have been easier) we need to implement
+ some heuristic here.
+ */
+
+ if(packet->payload[8] != 0x25) /* Skip SMB command Trans */
+ ndpi_set_risk(flow, NDPI_SMB_INSECURE_VERSION, "Found SMBv1");
 }
 return;
 } else if(memcmp(&packet->payload[4], smbv2, sizeof(smbv2)) == 0) {
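Review bot: The new guard `if(packet->payload[8] != 0x25)` exempts every SMBv1 SMB_COM_TRANSACTION (0x25) message from NDPI_SMB_INSECURE_VERSION, which is broader than the "broadcast" case the comment describes: that same command also carries ordinary unicast named-pipe transactions, so an SMBv1 session using them now raises no risk at all. If ndpi_search_smb_tcp only ever sees TCP flows, as its name suggests, the broadcast rationale is doubtful anyway, since broadcast discovery normally travels over the NetBIOS datagram service rather than a TCP stream — worth confirming against the caller before relying on this heuristic. At minimum the comment should state the real effect and fix the typo, e.g. replace its last paragraph with `/* NOTE: this exempts every SMB_COM_TRANSACTION (0x25) message, including unicast named-pipe traffic, not only broadcast discovery; "broadcast" is inferred from the command, not from the destination address */`. A lower-severity risk for the exempted case would keep the SMBv1 detection visible to consumers instead of silently dropping it. The enclosing function starts and ends outside the hunk.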