/src/ntopng/include/flow_checks/FlowRiskKnownProtocolOnNonStandardPort.h
1 | | /* |
2 | | * |
3 | | * (C) 2013-24 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _FLOW_RISK_NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT_H_ |
23 | | #define _FLOW_RISK_NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT_H_ |
24 | | |
25 | | #include "ntop_includes.h" |
26 | | |
/*
 * Flow check for the nDPI risk raised when a well-known protocol is seen on a
 * port other than its standard one. The alert class, the risk value and the
 * check name are all taken from FlowRiskKnownProtocolOnNonStandardPortAlert,
 * so this class only wires the FlowRisk interface to that alert.
 */
class FlowRiskKnownProtocolOnNonStandardPort : public FlowRisk {
 public:
  FlowRiskKnownProtocolOnNonStandardPort() : FlowRisk() {}
  ~FlowRiskKnownProtocolOnNonStandardPort() {}

  /*
   * Builds the alert for flow f. The alert is heap-allocated here and not
   * retained by this object, so the caller takes ownership of the returned
   * pointer. Only the client side is scored as the attacker (see below).
   */
  FlowAlert *buildAlert(Flow *f) {
    auto *alert = new FlowRiskKnownProtocolOnNonStandardPortAlert(this, f);

    /* The client reached a known service on a port where that service is not
       expected, so it is scored as the attacker. */
    alert->setCliAttacker();

    /*
      The server could be scored as well when it actually answers, since it is
      then offering the service on a non-standard port. This is deliberately
      disabled because it may penalise legitimate servers; discussion at
      https://github.com/ntop/ntopng/issues/5997. The disabled condition was:

        if(f->get_bytes_srv2cli() > 10)
          alert->setSrvAttacker();
    */

    return alert;
  }

  /* Human-readable check name, resolved from the risk this check handles. */
  std::string getName() const {
    const auto risk = FlowRiskKnownProtocolOnNonStandardPortAlert::getClassRisk();
    return FlowRiskAlerts::getCheckName(risk);
  }

  /* The nDPI risk value this check is responsible for. */
  ndpi_risk_enum handledRisk() {
    return FlowRiskKnownProtocolOnNonStandardPortAlert::getClassRisk();
  }

 private:
  /* Alert type reported for this check, delegated to the alert class. */
  FlowAlertType getAlertType() const {
    return FlowRiskKnownProtocolOnNonStandardPortAlert::getClassType();
  }
};
65 | | |
66 | | #endif |