From c4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Dec 2021 21:30:16 +0100 Subject: Added support for Log4J/Log4Shell detection in nDPI via a new flow risk named NDPI_POSSIBLE_EXPLOIT --- doc/flow_risks.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'doc/flow_risks.rst') diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index e4546307e..417426e48 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -241,3 +241,9 @@ NDPI_INVALID_CHARACTERS The risk is set whenever a dissected protocol contains characters not allowed in that protocol field. For example a DNS hostname must only contain a subset of all printable characters or else this risk is set. Additionally, some TLS protocol fields are checked for printable characters as well. + +.. _Risk 040: + +NDPI_POSSIBLE_EXPLOIT +===================== +The risk is set whenever a a possible exploit (e.g. Log4J/Log4Shell) is detected. -- cgit v1.2.3
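Review bot: the added NDPI_POSSIBLE_EXPLOIT description reads "whenever a a possible exploit", with a duplicated "a"; drop one. The entry also does not say which protocol fields are inspected or what kind of match sets the risk. The NDPI_INVALID_CHARACTERS entry just above it names DNS hostnames and TLS fields as examples. A sentence naming the dissected fields and the pattern being matched would tell an analyst how to triage a flow carrying this risk, and would make clear that "possible" means a signature match rather than a confirmed compromise.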