Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_utils.c5
-rw-r--r--src/lib/protocols/teamviewer.c5
-rw-r--r--src/lib/protocols/tls.c2
3 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 8c2af79da..9ff1af500 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1767,9 +1767,12 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_MALICIOUS_JA3:
return("Possibly Malicious JA3 Fingerprint");
- case NDPI_MALICIOUS_SHA1:
+ case NDPI_MALICIOUS_SHA1_CERTIFICATE:
return("Possibly Malicious SSL Certificate SHA1 Fingerprint");
+ case NDPI_DESKTOP_OR_FILE_SHARING_SESSION:
+ return("Desktop/File Sharing Session");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
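Review bot: Renaming the case label from `NDPI_MALICIOUS_SHA1` to `NDPI_MALICIOUS_SHA1_CERTIFICATE` will break out-of-tree callers that still use the old name, assuming `ndpi_risk_enum` is part of the public header. The enum definition is outside this diff, which is limited to src/lib, so that could not be checked here. If the old name has shipped in a release, a compatibility alias next to the enum would keep those callers building: `#define NDPI_MALICIOUS_SHA1 NDPI_MALICIOUS_SHA1_CERTIFICATE /* deprecated alias */`. The switch in ndpi_risk2str continues outside the hunk.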
diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c
index 5c221fada..97a8b3c1e 100644
--- a/src/lib/protocols/teamviewer.c
+++ b/src/lib/protocols/teamviewer.c
@@ -72,6 +72,7 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru
if (flow->l4.udp.teamviewer_stage == 4 ||
packet->udp->dest == ntohs(5938) || packet->udp->source == ntohs(5938)) {
ndpi_int_teamview_add_connection(ndpi_struct, flow);
+ ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance (UDP only) */
}
return;
}
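Review bot: The added `ndpi_set_risk()` call sits in a branch that is also taken when only the UDP source or destination port is 5938, so a flow can be reported as NDPI_DESKTOP_OR_FILE_SHARING_SESSION without the stage-4 payload confirmation that the second teamviewer.c hunk requires. For anyone alerting on this risk, that is weaker evidence and a likely source of false positives from unrelated traffic on that port. Consider raising the risk only once the payload sequence was seen, `if (flow->l4.udp.teamviewer_stage == 4) ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION);`, or add a comment stating that port-only matches are flagged on purpose. The enclosing function starts and ends outside this hunk.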
@@ -90,8 +91,10 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru
else if (flow->l4.udp.teamviewer_stage) {
if (packet->payload[0] == 0x11 && packet->payload[1] == 0x30) {
flow->l4.udp.teamviewer_stage++;
- if (flow->l4.udp.teamviewer_stage == 4)
+ if (flow->l4.udp.teamviewer_stage == 4) {
ndpi_int_teamview_add_connection(ndpi_struct, flow);
+ ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance (UDP only) */
+ }
}
return;
}
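Review bot: The comment `/* Remote assistance (UDP only) */` on the added call does not say whether TeamViewer over TCP is deliberately left unflagged or simply not handled. The TCP path is outside this hunk, so whether it sets the risk cannot be confirmed from here. If TCP sessions can also carry remote control, consumers relying on this risk will miss them, so the comment should state the intent. If the omission is deliberate, something like `/* Risk raised for UDP flows only; TCP flows are classified as TeamViewer but not flagged */` would do. The same comment is used at the call added in the first teamviewer.c hunk.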
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 985b5ee1e..ffb3740c8 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -674,7 +674,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
u_int16_t rc1 = ndpi_match_string(ndpi_struct->malicious_sha1_automa.ac_automa, sha1_str);
if(rc1 > 0)
- ndpi_set_risk(flow, NDPI_MALICIOUS_SHA1);
+ ndpi_set_risk(flow, NDPI_MALICIOUS_SHA1_CERTIFICATE);
}
processCertificateElements(ndpi_struct, flow, certificates_offset, certificate_len);