From 7086197047f3b342f650b91374c322615693c888 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 9 Sep 2020 23:25:19 +0200
Subject: Added extension to detect nested subdomains as used in Browsertunnel
 attack tool https://github.com/veggiedefender/browsertunnel

---
 src/lib/protocols/netbios.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/netbios.c')

diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index 6ca691c7e..1f3850cbd 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -85,7 +85,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct
 				 flow->packet.payload_packet_len - off, name, sizeof(name)) > 0) {
       snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
 
-      ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name);
+      ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1);
   }
 
   if(sub_protocol == NDPI_PROTOCOL_UNKNOWN)
-- 
cgit v1.2.3