vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Added suspicious entropy alert in ICMP echo

Browse source
This commit is contained in:
Luca Deri 2022-12-18 13:56:45 +01:00
parent f73c3b32f1
commit 980f065935
2 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/lua/modules/icmp_utils.lua
View file

@ -98,10 +98,13 @@ if(trace_script_duration ~= nil) then
io.write(debug.getinfo(1,'S').source .." executed in ".. (os.clock()-clock_start)*1000 .. " ms\n")
end
-- #######################
-- See Flow::incStats()
function icmp_utils.is_suspicious_entropy(e_min, e_max)
local diff = e_max - e_min
if((e_min < 5) or (e_max >= 6) or (diff > 0.2)) then
if((e_min < 5) or (e_max >= 6) or (diff > 0.3)) then
return true
else
return false