Coverage Report

Created: 2026-02-14 06:52

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/ntopng/include/flow_checks/FlowRiskKnownProtocolOnNonStandardPort.h
Line
Count
Source
1
/*
2
 *
3
 * (C) 2013-24 - ntop.org
4
 *
5
 *
6
 * This program is free software; you can redistribute it and/or modify
7
 * it under the terms of the GNU General Public License as published by
8
 * the Free Software Foundation; either version 3 of the License, or
9
 * (at your option) any later version.
10
 *
11
 * This program is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 * GNU General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU General Public License
17
 * along with this program; if not, write to the Free Software Foundation,
18
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19
 *
20
 */
21
22
#ifndef _FLOW_RISK_NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT_H_
23
#define _FLOW_RISK_NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT_H_
24
25
#include "ntop_includes.h"
26
27
class FlowRiskKnownProtocolOnNonStandardPort : public FlowRisk {
28
 private:
29
0
  FlowAlertType getAlertType() const {
30
0
    return FlowRiskKnownProtocolOnNonStandardPortAlert::getClassType();
31
0
  }
32
33
 public:
34
0
  FlowRiskKnownProtocolOnNonStandardPort() : FlowRisk(){};
35
0
  ~FlowRiskKnownProtocolOnNonStandardPort(){};
36
37
0
  FlowAlert *buildAlert(Flow *f) {
38
0
    FlowRiskKnownProtocolOnNonStandardPortAlert *alert =
39
0
        new FlowRiskKnownProtocolOnNonStandardPortAlert(this, f);
40
41
    /* Client is an attacker, trying to use a server on a non-std port */
42
0
    alert->setCliAttacker();
43
44
    /*
45
      If the server responds, the server is also an attacker as it is offering a
46
    service on a non std-port. NOTE: Currently, we have decided to skip this
47
    condition as it may penalize legitimate servers. Discussion at
48
    https://github.com/ntop/ntopng/issues/5997.
49
50
    if(f->get_bytes_srv2cli() > 10)
51
      alert->setSrvAttacker();
52
    */
53
54
0
    return alert;
55
0
  }
56
57
0
  std::string getName() const {
58
0
    return (FlowRiskAlerts::getCheckName(
59
0
        FlowRiskKnownProtocolOnNonStandardPortAlert::getClassRisk()));
60
0
  }
61
0
  ndpi_risk_enum handledRisk() {
62
0
    return FlowRiskKnownProtocolOnNonStandardPortAlert::getClassRisk();
63
0
  }
64
};
65
66
#endif