From bf318e0b86ecfe88db3c15ed7ae285b43e51c304 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 11 Apr 2021 14:42:27 +0200 Subject: Added NDPI_DESKTOP_OR_FILE_SHARING_SESSION flow risk --- src/lib/protocols/teamviewer.c | 5 ++++- src/lib/protocols/tls.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index 5c221fada..97a8b3c1e 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -72,6 +72,7 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru if (flow->l4.udp.teamviewer_stage == 4 || packet->udp->dest == ntohs(5938) || packet->udp->source == ntohs(5938)) { ndpi_int_teamview_add_connection(ndpi_struct, flow); + ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance (UDP only) */ } return; } @@ -90,8 +91,10 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru else if (flow->l4.udp.teamviewer_stage) { if (packet->payload[0] == 0x11 && packet->payload[1] == 0x30) { flow->l4.udp.teamviewer_stage++; - if (flow->l4.udp.teamviewer_stage == 4) + if (flow->l4.udp.teamviewer_stage == 4) { ndpi_int_teamview_add_connection(ndpi_struct, flow); + ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance (UDP only) */ + } } return; } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 985b5ee1e..ffb3740c8 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -674,7 +674,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t rc1 = ndpi_match_string(ndpi_struct->malicious_sha1_automa.ac_automa, sha1_str); if(rc1 > 0) - ndpi_set_risk(flow, NDPI_MALICIOUS_SHA1); + ndpi_set_risk(flow, NDPI_MALICIOUS_SHA1_CERTIFICATE); } processCertificateElements(ndpi_struct, flow, certificates_offset, certificate_len); -- cgit v1.2.3
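Review bot: The new `ndpi_set_risk()` call in the first teamviewer.c hunk sits under `flow->l4.udp.teamviewer_stage == 4 || packet->udp->dest == ntohs(5938) || packet->udp->source == ntohs(5938)`, so a flow can be marked NDPI_DESKTOP_OR_FILE_SHARING_SESSION on the port comparison alone, before the stage counter has reached 4. The enclosing payload check starts outside the hunk, so how specific that match is cannot be judged from here, but a risk flag that consumers may alert on deserves the stricter condition. Consider leaving the classification as it is and gating only the risk, `if (flow->l4.udp.teamviewer_stage == 4) ndpi_set_risk(flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION);`, or add a comment stating why a port 5938 match is enough to assume a session.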
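Review bot: The comment `/* Remote assistance (UDP only) */` on the line added inside the new braces of the second teamviewer.c hunk does not tell the reader why the risk is raised here, namely that the stage counter has reached 4 after the `0x11 0x30` payload match, nor why other detections are left without it. The same comment is repeated in the first hunk. Something like `/* stage counter reached 4 on the UDP payload pattern: flag the flow as a desktop-sharing session; non-UDP detections do not set this risk */` would make the intent checkable, though whether the function has non-UDP detection paths is not visible in these hunks. ndpi_search_teamview starts and ends outside both hunks.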