From 60a9f6610d7b15c33ecd8db865cf8f7519ad0ef0 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Mon, 21 Sep 2020 19:57:23 +0200
Subject: Added risks for checking - invalid DNS traffic (probably carrying
 exfiltrated data) - TLS traffic with no SNI extension

---
 src/include/ndpi_typedefs.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/include')

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index beef59fee..7094ef9a6 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -68,7 +68,7 @@ typedef enum {
   NDPI_TLS_OBSOLETE_VERSION,
   NDPI_TLS_WEAK_CIPHER,
   NDPI_TLS_CERTIFICATE_EXPIRED,
-  NDPI_TLS_CERTIFICATE_MISMATCH,
+  NDPI_TLS_CERTIFICATE_MISMATCH, /* 10 */
   NDPI_HTTP_SUSPICIOUS_USER_AGENT,
   NDPI_HTTP_NUMERIC_IP_HOST,
   NDPI_HTTP_SUSPICIOUS_URL,
@@ -78,9 +78,11 @@ typedef enum {
   NDPI_MALFORMED_PACKET,
   NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER,
   NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER,
-  NDPI_SMB_INSECURE_VERSION,
+  NDPI_SMB_INSECURE_VERSION, /* 20 */
   NDPI_TLS_SUSPICIOUS_ESNI_USAGE,
   NDPI_UNSAFE_PROTOCOL,
+  NDPI_DNS_SUSPICIOUS_TRAFFIC,
+  NDPI_TLS_MISSING_SNI,
   
   /* Leave this as last member */
   NDPI_MAX_RISK /* must be <= 31 due to (**) */
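Review bot: The `<= 31` limit on `NDPI_MAX_RISK` is still enforced only by the comment on the last line, while the two new members bring it to 25 if the hand-written `/* 20 */` marker on `NDPI_SMB_INSECURE_VERSION` is accurate. A compile-time check placed after the typedef, for example `_Static_assert(NDPI_MAX_RISK <= 31, "risk value does not fit the risk bitmask");` (or a negative-array-size typedef if the project must build as pre-C11), would make a later addition fail the build instead of silently exceeding what `(**)` presumably describes as a 32-bit mask. The new members also need a short comment each, because their trigger conditions exist only in the commit message: `/* invalid DNS traffic, possibly carrying exfiltrated data */` and `/* TLS traffic with no SNI extension */`. Appending them at the end keeps existing risk values stable for anything that stores or exports them. The enum opens and closes outside this hunk, and no risk-to-string table is visible because the patch is limited to src/include, so confirm that it was extended as well.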
-- 
cgit v1.2.3