Open subhajit-cdot opened 3 years ago
Sure: can you please attach a pcap for testing?
@subhajit-cdot, ping...
Hi, I don't have a pcap for testing, but you can refer to the link below for the implementation.
Thanks for the link
Hi @IvanNardi, I am not sure whether this activity has been taken up already; I want to add a few more points related to the above. In nDPI we already have PUNYCODE checking hooks available, but they only check for xn--. However, in IDN homograph/script spoofing attacks (IDN homograph attack, punycode info), Cyrillic/Latin spoofs are the most commonly used. So it would be good if nDPI added this detection based on string or Unicode range matching (Cyrillic: U+0400–U+04FF, 256 characters; Cyrillic Supplement: U+0500–U+052F, 48 characters).
Thanks Subhajit
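One way to implement the range check proposed in the comment above, as an added example that is not nDPI code and not part of the original thread: decode a single `xn--` label with the RFC 3492 algorithm and count code points in U+0400–U+052F. The function name `cyrillic_in_label` and its return convention are hypothetical, and the labels in the comments are constructed test inputs.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Punycode parameters, RFC 3492 section 5 */
enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700, INIT_BIAS = 72, INIT_N = 128 };

static int digit_val(char c) {
  if (c >= 'a' && c <= 'z') return c - 'a';
  if (c >= 'A' && c <= 'Z') return c - 'A';
  if (c >= '0' && c <= '9') return c - '0' + 26;
  return -1;
}
static uint32_t adapt(uint32_t delta, uint32_t npoints, int first) {
  uint32_t k = 0;
  delta = first ? delta / DAMP : delta / 2;
  delta += delta / npoints;
  for (; delta > ((BASE - TMIN) * TMAX) / 2; k += BASE) delta /= BASE - TMIN;
  return k + (BASE * delta) / (delta + SKEW);
}

/* Hypothetical helper: number of code points in U+0400..U+052F (Cyrillic and
   Cyrillic Supplement) encoded in one DNS label, e.g. "xn--pypal-4ve".
   Returns 0 for non-ACE labels and -1 if the Punycode is malformed. */
int cyrillic_in_label(const char *label) {
  uint32_t n = INIT_N, i = 0, bias = INIT_BIAS, out = 0;
  int hits = 0;
  const char *p, *dash;
  if (strncasecmp(label, "xn--", 4) != 0) return 0;
  p = label + 4; dash = strrchr(p, '-');
  /* ASCII (basic) code points precede the last '-'; only their count matters */
  if (dash) { out = (uint32_t)(dash - p); p = dash + 1; }
  while (*p) {
    uint32_t oldi = i, w = 1, k, t;
    for (k = BASE;; k += BASE) {
      int d = digit_val(*p++);
      if (d < 0) return -1;                 /* bad digit or truncated input */
      if ((uint32_t)d > (UINT32_MAX - i) / w) return -1;   /* overflow */
      i += (uint32_t)d * w;
      t = k <= bias ? TMIN : (k >= bias + TMAX ? TMAX : k - bias);
      if ((uint32_t)d < t) break;
      if (w > UINT32_MAX / (BASE - t)) return -1;          /* overflow */
      w *= BASE - t;
    }
    bias = adapt(i - oldi, out + 1, oldi == 0);
    if (i / (out + 1) > UINT32_MAX - n) return -1;
    n += i / (out + 1); i %= out + 1;       /* n is the decoded code point */
    if (n >= 0x0400 && n <= 0x052F) hits++;
    out++; i++;
  }
  return hits;
}
```

The function takes one label, not a full host name, so a caller would split on dots first. A non-zero count alone also matches legitimate Cyrillic domains.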
@utoni @lucaderi can you please comment on this?
Sure, it is possible. But without a cap, someone needs to forge and record some traffic.
Is it possible to set a risk for DWORD- and hex-formatted URLs in the HTTP dissector, similar to NDPI_HTTP_NUMERIC_IP_HOST?