Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | | Added boundary check | Luca Deri | 2020-09-10 | |
| | | | ||||
* | | | Merge pull request #1014 from lnslbrty/improved/teamspeak | Luca Deri | 2020-09-09 | |
|\ \ \ | | | | | | | | | Improved Teamspeak(3) protocol detection. | |||
| * | | | Improved Teamspeak(3) protocol detection. | Toni Uhlig | 2020-09-09 | |
| |/ / | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* / / | Added extension to detect nested subdomains as used in Browsertunnel attack tool | Luca Deri | 2020-09-09 | |
|/ / | | | | | | | https://github.com/veggiedefender/browsertunnel | |||
* / | Improved dnscrypt v1/v2 protocol detection. | Toni Uhlig | 2020-09-06 | |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed off-by-one error in Kerberos protocol. | Toni Uhlig | 2020-09-02 | |
| | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Fixed false positive detection for Skype.SkypeCall (affects at least Cisco ↵ | Toni Uhlig | 2020-09-02 | |
| | | | | | | HSRP and RADIUS). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Added boundary check | Luca Deri | 2020-09-01 | |
| | ||||
* | Added (optional) notifier for LRU add | Luca Deri | 2020-08-31 | |
| | ||||
* | QUIC: add support for GQUIC T050 and T051 | Nardi Ivan | 2020-08-30 | |
| | | | | | | QUIC versioning wasn't complex enough without T05X family... These versions are very similar to Q050, but use TLS as their handshake protocol. | |||
* | Improved ntop detection over HTTP | Luca Deri | 2020-08-30 | |
| | | | | Added cap on number of attempts for CiscoVPN | |||
* | Fixed false positive in suspicious user agent | Luca Deri | 2020-08-30 | |
| | | | | Optimized stddev calculation | |||
* | Merge pull request #996 from lnslbrty/fix/travis-ci | Luca Deri | 2020-08-28 | |
|\ | | | | | Fix travis-ci related errors. | |||
| * | Fixed use-of-uninitialized-value in QUIC clho decryption probably caused by ↵ | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | a BUG in libgcrypt (not verified). Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
| * | Moved NDPI_CURRENT_PROTO define before ndpi_api.h include to prevent a ↵ | Toni Uhlig | 2020-08-27 | |
| | | | | | | | | | | | | redefinition warning. Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Passes method_len param to ndpi_http_str2method | Simone Mainardi | 2020-08-27 | |
| | | ||||
* | | Added ndpi_http_method ndpi_http_str2method(const char* method) API call | Luca Deri | 2020-08-26 | |
|/ | ||||
* | QUIC: minor fixes | Nardi Ivan | 2020-08-24 | |
| | | | | | | LGTM found a real issue on a boundary check. Fix unit tests: a pcap has been uploaded twice (with different names). Fix compilation when using DPDK (see #990). | |||
* | Created IoT-Scada category | Luca Deri | 2020-08-23 | |
| | | | | Minor dnp3 changes | |||
* | Warning fix | Luca Deri | 2020-08-22 | |
| | ||||
* | Add sub-classification for GQUIC >= Q050 and (IETF-)QUIC | Nardi Ivan | 2020-08-21 | |
| | | | | | | | | | | | Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark. That code has been clearly marked as such. All credits for that code should go to the original authors. I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes. Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted. | |||
* | Update TLS dissector to handle QUIC flows | Nardi Ivan | 2020-08-21 | |
| | | | | | | | Latest QUIC versions use TLS for the encryption layer: reuse existing code to allow Client Hello parsing and sub-classification based on SNI value. Side effect: we might have J3AC, TLS negotiated version, SNI value and supported cipher list for QUIC, too. | |||
* | Major rework of QUIC dissector | Nardi Ivan | 2020-08-21 | |
| | | | | | Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC. Still no sub-classification for Q050 and QUIC. | |||
* | Merge pull request #987 from lnslbrty/update/mysql-protocol-detection | Luca Deri | 2020-08-19 | |
|\ | | | | | Updated MySQL protocol detection to support server version 8. | |||
| * | Updated MySQL protocol detection to support server version 8. | Toni Uhlig | 2020-08-19 | |
| | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | | Added support for SOAP. | Toni Uhlig | 2020-08-18 | |
|/ | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com> | |||
* | Suspicious ESNI usage: add a comment and a pcap example | Nardi Ivan | 2020-08-06 | |
| | | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf | |||
* | Merge pull request #973 from IvanNardi/esni3 | Luca Deri | 2020-08-06 | |
|\ | | | | | Add risk flag about suspicious ESNI usage | |||
| * | Add risk flag about suspicious ESNI usage | Nardi Ivan | 2020-08-05 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise". Full credit for the idea must go to the original author. At the moment, the only way to get the pdf presentation and related video is via https://forum.defcon.org/node/234492. Hopefully a direct link (and an example pcap) will be available soon. | |||
* | | Fixed possible memory leak in TLS certificate handling | Luca Deri | 2020-08-05 | |
|/ | ||||
* | Added check on payload length during extra packet processing | Luca Deri | 2020-08-04 | |
| | ||||
* | Added memory checks | Luca Deri | 2020-08-02 | |
| | ||||
* | Fixed partial TLS dissection | Luca Deri | 2020-07-30 | |
| | ||||
* | Restored TLS dissection | Luca Deri | 2020-07-30 | |
| | ||||
* | Tiny changes for TLS block length dissection | Luca Deri | 2020-07-29 | |
| | ||||
* | TLS dissection improvements | Luca Deri | 2020-07-28 | |
| | ||||
* | Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1) | Luca Deri | 2020-07-27 | |
| | ||||
* | Boundary check on QUIC | Luca Deri | 2020-07-27 | |
| | ||||
* | Boundary check | Luca Deri | 2020-07-27 | |
| | ||||
* | SSH code cleanup | Luca Deri | 2020-07-25 | |
| | ||||
* | added other ssh implementations to check | MrRadix | 2020-07-24 | |
| | ||||
* | added cipher check | MrRadix | 2020-07-22 | |
| | ||||
* | Resolved conflicts on fetch | MrRadix | 2020-07-22 | |
|\ | ||||
| * | Added changes for handling SSH cipher detection | Luca Deri | 2020-07-22 | |
| | | ||||
* | | fixed bug inside set bit macro call | MrRadix | 2020-07-22 | |
| | | ||||
* | | added sscanf error handling | MrRadix | 2020-07-22 | |
| | | ||||
* | | improved performance and legibility | MrRadix | 2020-07-22 | |
| | | ||||
* | | Merge remote-tracking branch 'ntop_origin/dev' into dev | MrRadix | 2020-07-22 | |
|\| | ||||
| * | User agent detection improvements | Luca Deri | 2020-07-21 | |
| | | ||||
* | | improved performance by removing linear scan | MrRadix | 2020-07-22 | |
| | |