ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

Improve Data Exfiltration #2090

Open lucaderi opened 1 year ago

lucaderi commented 1 year ago

Using https://github.com/m57/dnsteal the following traffic is generated and better flow risks shall be generated

dnsteal.pcap.zip

utoni commented 1 year ago

What flow risks would you prefer?

For now, all 5 flows already get two relevant flow risks:

Risk stats [found 5 (100.0 %) flows with risks]:
    Susp DNS Traffic                             5 [33.3 %]
    Non-Printable/Invalid Chars Detected         5 [33.3 %]
    Minor Issues                                 5 [33.3 %]
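To make the risk stats above concrete, here is an added example (not code from nDPI or from this issue) that scores constructed DNS query names with the kind of per-label heuristics a DNS exfiltration detector relies on: label length, label entropy, label count, total name length, and non-printable bytes (the last one corresponds to the "Non-Printable/Invalid Chars Detected" risk listed above). The thresholds and weights are assumptions chosen for the demo, not nDPI's own values, and the sample names are constructed rather than taken from the attached pcap.

```python
import math
from collections import Counter

# Constructed sample query names (not from the pcap attached to this issue):
# three ordinary names, two that mimic chunked encoded payload labels,
# and one carrying raw non-printable bytes.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.org",
    "api.example.net",
    "U2VjcmV0IGRhdGEgZnJvbSB0aGUgZmlsZQ.TWFuIHdhcyBhIGJpZyBkb2cgYW5kIGE.xfil.example.net",
    "4a6f686e20446f652077616c6b65642074686520646f67.9a3b.xfil.example.net",
    "chunk\x01\x02\x7f.xfil.example.net",
]

def shannon_entropy(text: str) -> float:
    """Bits per character of a label; base64- or hex-encoded chunks score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def dns_exfil_indicators(name: str) -> dict:
    """Score one query name with assumed thresholds (not nDPI's own values)."""
    labels = name.split(".")
    longest = max(labels, key=len)
    flags = {
        # a single label of 32+ characters is typical of an encoded file chunk
        "long_label": len(longest) >= 32,
        # dense encoded data has high per-character entropy
        "high_entropy": len(longest) >= 16 and shannon_entropy(longest) >= 3.5,
        # exfil tools stack several chunk labels under the receiving zone
        "many_labels": len(labels) >= 5,
        "long_name": len(name) >= 80,
        # raw bytes in a label: the "Non-Printable/Invalid Chars" case above
        "nonprintable": not name.isprintable(),
    }
    weights = {"nonprintable": 2}  # strong indicator on its own
    score = sum(weights.get(k, 1) for k, v in flags.items() if v)
    return {"name": name, "score": score, "suspicious": score >= 2, **flags}

def scan(queries=SAMPLE_QUERIES) -> list:
    """Run the indicators over a list of query names and return one dict each."""
    return [dns_exfil_indicators(q) for q in queries]

if __name__ == "__main__":
    for r in scan():
        tag = "SUSP" if r["suspicious"] else "ok  "
        print(f"{tag} score={r['score']} {r['name']!r}")
```

Requiring two indicators (or one strong one) keeps long but legitimate CDN labels from being flagged on length alone.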