From 41765efcf8159fd8b9dcf4ceca60fbd37e6e79e8 Mon Sep 17 00:00:00 2001
From: Toni <matzeton@googlemail.com>
Date: Tue, 26 Oct 2021 21:34:01 +0200
Subject: Detect invalid characters in text and set a risk. Fixes #1347.
 (#1363)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 doc/flow_risks.rst | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'doc')

diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst
index aa07aaa89..e4546307e 100644
--- a/doc/flow_risks.rst
+++ b/doc/flow_risks.rst
@@ -234,3 +234,10 @@ NDPI_DNS_FRAGMENTED
 
 UDP `DNS <https://en.wikipedia.org/wiki/Domain_Name_System>`_ packets cannot be fragmented. If so, this indicates a potential security risk (e.g. use DNS to carry data) or a misconfiguration.
 
+.. _Risk 039:
+
+NDPI_INVALID_CHARACTERS
+=======================
+The risk is set whenever a dissected protocol contains characters not allowed in that protocol field.
+For example a DNS hostname must only contain a subset of all printable characters or else this risk is set.
+Additionally, some TLS protocol fields are checked for printable characters as well.
-- 
cgit v1.2.3