From 41765efcf8159fd8b9dcf4ceca60fbd37e6e79e8 Mon Sep 17 00:00:00 2001 From: Toni Date: Tue, 26 Oct 2021 21:34:01 +0200 Subject: Detect invalid characters in text and set a risk. Fixes #1347. (#1363) Signed-off-by: Toni Uhlig --- doc/flow_risks.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'doc') diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index aa07aaa89..e4546307e 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -234,3 +234,10 @@ NDPI_DNS_FRAGMENTED UDP `DNS `_ packets cannot be fragmented. If so, this indicates a potential security risk (e.g. use DNS to carry data) or a misconfiguration. +.. _Risk 039: + +NDPI_INVALID_CHARACTERS +======================= +The risk is set whenever a dissected protocol contains characters not allowed in that protocol field. +For example a DNS hostname must only contain a subset of all printable characters or else this risk is set. +Additionally, some TLS protocol fields are checked for printable characters as well. -- cgit v1.2.3
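Review bot: In the new NDPI_INVALID_CHARACTERS section, the last sentence ("some TLS protocol fields are checked for printable characters as well") does not say which TLS fields are covered, and the DNS sentence leaves "a subset of all printable characters" undefined, so someone who sees Risk 039 on a flow cannot tell from this text which field triggered it or which characters count as invalid. Suggest naming the checked fields and the allowed character set for each, or pointing to where the dissectors define them. The section also mixes two criteria: the first sentence speaks of characters "not allowed in that protocol field", while the TLS sentence describes a check for "printable characters"; state whether the TLS check is only a printability test or also field-specific. Minor: add a comma after "For example".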