From da87cc315744914c92cca27725dc87f59f83deec Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Mon, 27 Jul 2020 13:05:06 +0200
Subject: Added NDPI_SMB_INSECURE_VERSION for detecting insecure SMB versions (e.g. v1)
---
 src/include/ndpi_typedefs.h | 1 +
 src/lib/ndpi_utils.c | 3 +++
 src/lib/protocols/smb.c | 3 ++-
 3 files changed, 6 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 824e2585f..6d1a1719d 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -78,6 +78,7 @@ typedef enum {
 NDPI_MALFORMED_PACKET,
 NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER,
 NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER,
+ NDPI_SMB_INSECURE_VERSION,
 
 /* Leave this as last member */
 NDPI_MAX_RISK
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 2fb3a5d9e..347e65d52 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1530,6 +1530,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 case NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER:
 return("SSH Obsolete Server Version/Cipher");
 
+ case NDPI_SMB_INSECURE_VERSION:
+ return("SMB Insecure Version");
+
 default:
 snprintf(buf, sizeof(buf), "%d", (int)risk);
 return(buf);
diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c
index a70072853..9a56ead93 100644
--- a/src/lib/protocols/smb.c
+++ b/src/lib/protocols/smb.c
@@ -44,8 +44,9 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
 NDPI_LOG_INFO(ndpi_struct, "found SMB\n");
 
 if(memcmp(&packet->payload[4], smbv1, sizeof(smbv1)) == 0) {
- if(packet->payload[8] != 0x72) /* Skip Negotiate request */ {
+ if(packet->payload[8] != 0x72) /* Skip Negotiate request */ {
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_NETBIOS);
+ NDPI_SET_BIT(flow->risk, NDPI_SMB_INSECURE_VERSION);
 }
 } else
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_NETBIOS);
-- 
cgit v1.2.3
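Review bot: Nothing in the enum in ndpi_typedefs.h says that a member's numeric value is used as a bit index, although this same commit does exactly that with `NDPI_SET_BIT(flow->risk, NDPI_SMB_INSECURE_VERSION)` in smb.c. Appending just before `NDPI_MAX_RISK` keeps the existing values stable, which matters to anything that stores or exports the risk mask, so I would record the rule beside the existing comment, e.g. `/* Values are bit positions in the flow risk mask: append only, never reorder */`. The width of `flow->risk` is not visible in this diff, so it should be confirmed that `NDPI_MAX_RISK` still fits, ideally with a compile-time assertion. The enum starts and ends outside the hunk.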
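Review bot: In the smb.c hunk the risk bit is raised only in the branch that excludes command 0x72, so a flow where the engine sees nothing but the SMBv1-format Negotiate exchange gets neither the SMBv1 label nor `NDPI_SMB_INSECURE_VERSION`. That is probably deliberate, since SMB2-capable clients may also open with an SMB1-format Negotiate and the request alone does not show that v1 was selected, but `/* Skip Negotiate request */` does not explain it. I would expand the comment to something like `/* 0x72 = Negotiate: also sent by SMB2-capable clients, so it does not prove SMBv1 is in use */`, so that consumers of the risk flag know what it does and does not cover. The length check that guards `payload[8]` lies outside the hunk, and the function body continues beyond it.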