path: root/tests/result
Commit message (Author, Age)
...
* Fixed false positive in suspicious user agent (Luca Deri, 2020-08-30)
|   Optimized stddev calculation
* QUIC: minor fixes (Nardi Ivan, 2020-08-24)
|   LGTM found a real issue on a boundary check
|   Fix unit tests: a pcap has been uploaded twice (with different names)
|   Fix compilation when using DPDK (see #990)
* Created IoT-Scada category (Luca Deri, 2020-08-23)
|   Minor dnp3 changes
* Added some GQUIC and IETF QUIC test pcaps (Luca Deri, 2020-08-22)
|
* Add sub-classification for GQUIC >= Q050 and (IETF-)QUIC (Nardi Ivan, 2020-08-21)
|   Add QUIC payload and header decryption: most of the crypto code has been "copied-and-incolled" from Wireshark.
|   That code has been clearly marked as such. All credits for that code should go to the original authors.
|   I tried to keep the Wireshark code as similar as possible to the original, comments included, to ease future backporting of fixes.
|   Inevitably, glibc data types and data structures, tvbuff abstraction and allocation functions have been converted.
* Major rework of QUIC dissector (Nardi Ivan, 2020-08-21)
|   Improve support for GQUIC (up to Q046) and add support for Q050 and (IETF-)QUIC
|   Still no sub-classification for Q050 and QUIC
* Added new check for detecting suspicious (too long) names (Luca Deri, 2020-08-21)
|
* Added the ability to identify as DGA those host/domain names with too many consecutive repeated characters such as ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa used for netbios reflection attacks (Luca Deri, 2020-08-21)
|   https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf
* MySQL8 update (Luca Deri, 2020-08-21)
|
* Added (manipulated) MySQL 8 test pcap. (Toni Uhlig, 2020-08-20)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #974 from IvanNardi/esni4 (Luca Deri, 2020-08-13)
|\
| |   Suspicious ESNI usage: add a comment and a pcap example
| * Suspicious ESNI usage: add a comment and a pcap example (Nardi Ivan, 2020-08-06)
| |   See: 79b89d286605635f15edfe3c21297aaa3b5f3acf
* | Fixes invalid detection on traffic on non standard ports (Luca Deri, 2020-08-12)
|/
* Added new traffic category for connectivity check detection (Luca Deri, 2020-08-04)
|
* Fixed partial TLS dissection (Luca Deri, 2020-07-30)
|
* Changed due to bin size extension (Luca Deri, 2020-07-30)
|
* TLS dissection improvements (Luca Deri, 2020-07-28)
|
* Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1) (Luca Deri, 2020-07-27)
|
* SSH code cleanup (Luca Deri, 2020-07-25)
|
* User agent detection improvements (Luca Deri, 2020-07-21)
|
* Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer. (Toni Uhlig, 2020-07-11)
|   * added also GREASE supported tls versions as specified in https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Updated test results due to bin changes (Luca Deri, 2020-07-09)
|
* Improved HTTP line parsing if request split into multiple packets. (Toni Uhlig, 2020-07-05)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixed heap overflow in tls esni extraction triggered by manipulated packets. (Toni Uhlig, 2020-06-29)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Update test results (Nardi Ivan, 2020-06-28)
|
* DNP3: add missing initialization (Nardi Ivan, 2020-06-28)
|
* TLS: extract JA3 signatures in some corner cases (Nardi Ivan, 2020-06-28)
|   In some (rare) cases, Client Hello message contains lots of cipher suites.
* Fixed off-by-one error in h323. (Toni Uhlig, 2020-06-27)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added malformed packet risk support (Luca Deri, 2020-06-26)
|
* Fixed missing length check in fbzero. (Toni Uhlig, 2020-06-23)
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Fixes #906 (Luca Deri, 2020-06-22)
|   Packet bins are not printed when empty
* Added ndpi_bin_XXX API (Luca Deri, 2020-06-22)
|   Added packet length distribution bins
* Fixed use after free caused by dangling pointer (Toni Uhlig, 2020-06-21)
|   * This fix also improved RCE Injection detection
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Merge pull request #920 from lnslbrty/fix/tls-rdn-crash (Luca Deri, 2020-06-19)
|\
| |   Fixed stack overflow caused by missing length check
| * Fixed stack overflow caused by missing length check (Toni Uhlig, 2020-06-18)
| |   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | Added GoogleDNS DoH on Android 10 (Luca Deri, 2020-06-19)
| |
* | DGA detection improvements (Luca Deri, 2020-06-18)
| |
* | Added checks for DGA detection (Luca Deri, 2020-06-17)
| |
* | Implemented proprietary AnyDesk protocol (Toni Uhlig, 2020-06-17)
|/
|   Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added DGA risk for names that look like a DGA (Luca Deri, 2020-06-11)
|
* Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS (Luca Deri, 2020-06-08)
|
* Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants) (Luca Deri, 2020-06-06)
|
* Added check to avoid producing alerts for known protocol on unknown port when using TLS (Luca Deri, 2020-05-30)
* Refreshed test pcap (Luca Deri, 2020-05-28)
|
* Added support for Encrypted TLS SNI dissection (Luca Deri, 2020-05-28)
|   https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
* Result update (Luca Deri, 2020-05-27)
|
* Added pcap with encrypted SNI (Luca Deri, 2020-05-27)
|   - https://blog.cloudflare.com/encrypted-sni/
|   - https://www.inmotionhosting.com/support/website/security/dns-over-https-encrypted-sni-in-firefox/
* Added stub for checking HTTP header (Luca Deri, 2020-05-21)
|   Updated Teams result
* Added fix to avoid potential heap buffer overflow in H.323 dissector (Luca Deri, 2020-05-19)
|   Modified HTTP report information to make it closer to the HTTP field names
* Added check for invalid HTTP URLs (Luca Deri, 2020-05-16)
|