From 60a9f6610d7b15c33ecd8db865cf8f7519ad0ef0 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Mon, 21 Sep 2020 19:57:23 +0200
Subject: Added risks for checking - invalid DNS traffic (probably carrying exfiltrated data) - TLS traffic with no SNI extension
---
 src/lib/ndpi_utils.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/lib/ndpi_utils.c')
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 8360dd789..b96f52531 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1708,6 +1708,12 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 case NDPI_UNSAFE_PROTOCOL:
 return("Unsafe Protocol");
 
+ case NDPI_DNS_SUSPICIOUS_TRAFFIC:
+ return("Suspicious DNS traffic"); /* Exfiltration ? */
+
+ case NDPI_TLS_MISSING_SNI:
+ return("SNI TLS extension was missing");
+
 default:
 snprintf(buf, sizeof(buf), "%d", (int)risk);
 return(buf);
-- 
cgit v1.2.3
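Review bot: The `/* Exfiltration ? */` comment on the NDPI_DNS_SUSPICIOUS_TRAFFIC case records a guess rather than the condition that raises the risk, so whoever triages on the "Suspicious DNS traffic" label has nothing to check it against. Going by the commit subject, I would replace it with `/* invalid DNS traffic; may carry exfiltrated data, not proof of it */`, and confirm the wording against the dissector code that sets the risk, which is not in this file-limited view. The NDPI_TLS_MISSING_SNI case deserves a similar one-liner, `/* ClientHello carried no server_name; also normal for clients that connect by IP address */`, since this risk will fire on benign traffic too. On style, "SNI TLS extension was missing" is a past-tense sentence while the neighbouring labels are noun phrases; `return("Missing TLS SNI Extension");` would match them. ndpi_risk2str starts above this hunk and continues past it.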