aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
...
* Added new check for detecting suspicious (too long) namesLuca Deri2020-08-21
|
* Added the ability do identigy as DGA those host/domain names with too many ↵Luca Deri2020-08-21
| | | | | | | consucutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used fr netbios reflection attacks https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
* Compilation fixLuca Deri2020-08-19
|
* Merge pull request #987 from lnslbrty/update/mysql-protocol-detectionLuca Deri2020-08-19
|\ | | | | Updated MySQL protocol detection to support server version 8.
| * Updated MySQL protocol detection to support server version 8.Toni Uhlig2020-08-19
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Merge pull request #985 from lnslbrty/add/SOAPLuca Deri2020-08-19
|\ \ | | | | | | Added support for SOAP.
| * | Added support for SOAP.Toni Uhlig2020-08-18
| | | | | | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | | Merge pull request #977 from adek05/devLuca Deri2020-08-19
|\ \ \ | |_|/ |/| | Enable building on OpenBSD 6.7
| * | OpenBSD: Do not redefine __LITTLE_ENDIAN__Adrian Zgorzałek2020-08-09
| | | | | | | | | | | | Will silence omnipresent compiler warnings when building ntopng.
| * | OpenBSD: Introduce pkt_timeval to deal with (bpf_)_timevalAdrian Zgorzałek2020-08-09
| | | | | | | | | | | | | | | | | | Some BSD APIs called in example/ return `struct bpf_timeval`, where nDPI APIs expect `struct timeval`. These two structs, besides having a different name, share the exact same set of fields.
* | | Added support for discordLuca Deri2020-08-16
| |/ |/|
* | Merge pull request #974 from IvanNardi/esni4Luca Deri2020-08-13
|\ \ | | | | | | Suspicious ESNI usage: add a comment and a pcap example
| * | Suspicious ESNI usage: add a comment and a pcap exampleNardi Ivan2020-08-06
| |/ | | | | | | See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* | Fixes invalid detection on traffic on non standard portsLuca Deri2020-08-12
| |
* | Improved DGA detection algoritmLuca Deri2020-08-11
| |
* | Added HLL notesLuca Deri2020-08-11
| |
* | Fix typo.aouinizied2020-08-10
| |
* | Added case-insensitive substring matchingLuca Deri2020-08-10
|/
* Merge pull request #973 from IvanNardi/esni3Luca Deri2020-08-06
|\ | | | | Add risk flag about suspicious ESNI usage
| * Add risk flag about suspicious ESNI usageNardi Ivan2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a Client Hello, the presence of both SNI and ESNI may obfuscate the real domain of an HTTPS connection, fooling DPI engines and firewalls, similarly to Domain Fronting. Such technique is reported in a presentation at DEF CON 28: "Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise" Full credit for the idea must go the original author At the moment, the only way to get the pdf presention and related video is via https://forum.defcon.org/node/234492 Hopefully a direct link (and an example pcap) will be available soon
* | Added note on memory managementLuca Deri2020-08-06
| |
* | Added new ndpi_string_sha1_hash API callLuca Deri2020-08-05
| |
* | Fixed possible memory leak in TLS certificate handlingLuca Deri2020-08-05
|/
* Win #define fixLuca Deri2020-08-05
|
* Added check on payload lenght during extra packet processingLuca Deri2020-08-04
|
* Added new traffic category for connectivity check detectionLuca Deri2020-08-04
|
* Added memory checksLuca Deri2020-08-02
|
* Fixed partial TLS dissectionLuca Deri2020-07-30
|
* Restored TLS dissectionLuca Deri2020-07-30
|
* Tiny changes for TLS block lenght dissectionLuca Deri2020-07-29
|
* TLS dissection improvementsLuca Deri2020-07-28
|
* Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)Luca Deri2020-07-27
|
* Boundary check on QUICLuca Deri2020-07-27
|
* Boundary checkLuca Deri2020-07-27
|
* Added parentheses to avoid issues with macro expansionLuca Deri2020-07-25
|
* SSH code cleanupLuca Deri2020-07-25
|
* Merge pull request #967 from MrRadix/devLuca Deri2020-07-25
|\ | | | | Ssh signature checking
| * added other ssh implementations to checkMrRadix2020-07-24
| |
| * added cipher checkMrRadix2020-07-22
| |
| * Resolved conflicts on fetchMrRadix2020-07-22
| |\
| * | fixed bug inside set bit macro callMrRadix2020-07-22
| | |
| * | modified new last two risksMrRadix2020-07-22
| | |
| * | added sscanf error handlingMrRadix2020-07-22
| | |
| * | improved performance and legibilityMrRadix2020-07-22
| | |
| * | merged with remoteMrRadix2020-07-22
| |\ \
| * | | improved ndpi_risk2str output for new risksMrRadix2020-07-22
| | | |
| * | | Merge remote-tracking branch 'ntop_origin/dev' into devMrRadix2020-07-22
| |\ \ \
| * | | | added new risks iside ndpi_risk2str functionMrRadix2020-07-22
| | | | |
| * | | | improved performance by removing linear scanMrRadix2020-07-22
| | | | |
| * | | | added ssh_analyse_signature_version and ssh_has_old_signature for check old ↵MrRadix2020-07-21
| | | | | | | | | | | | | | | | | | | | signature version of ssh
Powered by cgit, Themed by Ted Yin.