From 37ff626e78149b4eb877b042672801b58d797100 Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Thu, 3 Feb 2022 09:17:54 +0100
Subject: Added new IDN/Punycode risk for spotting internationalized domain
 names

---
 wireshark/ndpi.lua | 1 +
 1 file changed, 1 insertion(+)

(limited to 'wireshark')

diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index ff6c255d0..dfda193ec 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -80,6 +80,7 @@ flow_risks[38] = ProtoField.bool("ndpi.flow_risk.dns_fragmented", "DNS fragmente
 flow_risks[39] = ProtoField.bool("ndpi.flow_risk.invalid_characters", "Invalid characters", num_bits_flow_risks, nil, bit(7), "nDPI Flow Risk: Text contains non-printable characters")
 flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Exploit", num_bits_flow_risks, nil, bit(8), "nDPI Flow Risk: Possible exploit detected")
 flow_risks[41] = ProtoField.bool("ndpi.flow_risk.cert_about_to_expire", "TLS cert about to expire", num_bits_flow_risks, nil, bit(9), "nDPI Flow Risk: TLS certificate about to expire")
+flow_risks[42] = ProtoField.bool("ndpi.flow_risk.punycode_idn", "IDN Domain Name", num_bits_flow_risks, nil, bit(10), "nDPI Flow Risk: IDN Domain Name")
 
 -- Last one: keep in sync the bitmask when adding new risks!!
 flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(10))
-- 
cgit v1.2.3