From 90b999e3f1a67babbcd7003fb0ccab005d45f343 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Mon, 8 Jan 2024 17:04:46 +0100
Subject: Fix default port conflicts between AJP and CiscoVPN (#2245)
We shouldn't have the same default port associated with multiple protocols. The key reason is that we use only one of them (for classification by-port, for example) and which one we really use depends on the internal order of the protocolsi's initialization (which is unknown to the user). We have 3 port collisions: * 8009: AJP and CiscoVPN * 445: SMBv1 and SMBv23 * 8080: HTTP_Connect and HTTP_Proxy I think that the two last cases don't really matter... About the first one: it seems that CiscoVPN is retired from 2011/2014 (see https://www.cisco.com/c/en/us/obsolete/security/cisco-vpn-client.html) and superseded by AnyConnect, which uses different ports (see https://community.cisco.com/t5/network-security/what-protocols-are-used-on-anyconnect-mobility-client/td-p/4713525). Therefore it should be safe to remove 8009 from the CiscoVPN default ports.
---
src/lib/ndpi_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9da1d2afb..2d258b46a 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1661,7 +1661,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN,
 "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN,
- ndpi_build_default_ports(ports_a, 10000, 8008, 8009, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_a, 10000, 8008, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
 ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TEAMSPEAK,
 "TeamSpeak", NDPI_PROTOCOL_CATEGORY_VOIP,
-- 
cgit v1.2.3
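Review bot: The CiscoVPN TCP list loses 8009 with nothing at the call site recording why, so a later maintainer could re-add it and silently bring back the initialization-order-dependent by-port result. A comment above the changed line would pin the intent, for example `/* 8009 intentionally not listed: it is AJP's default port and only one protocol per port is used for by-port classification */`. The commit message leaves the 445 and 8080 collisions in place, so anything that consumes a by-port guess on those ports for policy or alerting should still treat it as a hint. If the registration path does not already report a port claimed twice (not visible from this hunk), a debug-level warning there would catch future collisions. The body of ndpi_init_protocol_defaults starts and ends outside the hunk.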