Device Profiles for the NoDDos client
The NoDDos client monitors network traffic in the home and dynamically applies device-specific ACLs to that traffic to stop a device from being used in a DDOS attack. Identifying devices and applying ACLs to their traffic flows is based on device profiles. This repository stores these files so people can contribute using pull requests to add new profiles or update existing ones. The device profiles in this repo get periodically compiled in to a complete file that gets digitally signed. The client downloads the compiled file and validates its signature. For more information see NoDDos website.
A Device Profile is a json object with the following fields
-
DeviceProfileUuid: This is UUID version 4 string that uniquely identifies the profile. There is small script in tools/getuuid.py that can create one for you.
-
DeviceProfileVersion: Version number for this profile. The NoDDos client tools will invalidate any mappings between a device and this profile if that mapping was based on the same profile but with a lower version number. The value must be manually set.
-
UploadStats: Boolean specifying whether traffic stats for devices matching this profile should be uploaded to the cloud. Because of privacy concerns, the device profile for Windows PCs has this set to false.
-
Manufacturer: User-friendly name of the manufacturer of the device.
-
Model: User-friendly name of the model of the device.
-
ThingClass: String specifying what type of device this is. Current values in use are: "Smart Home Hub", "OTT STB", "Phone Tablet", "Home Gateway", "Light Switch", "Security Camera", "Solar Gateway", "PC", "Game Console", "SmartTV".
-
Identifiers: List of json objects specifying matching criteria to identify a device. If any of these match then the device is mapped to the profile.
Each identifier consists of the following fields:
-
IdentifyConfidenceLevel: Possible values are Low, Medium or High. The match with the profile with highest confidence level will be selected.
-
EnforceConfidenceLevel: Possible values are 'None', 'Low', 'Medium', 'High'. Going forward, ACLs will only be applied if the EnforceConfidenceLevel for the match exceed a configurable threshold.
-
MustMatch: JSON object that contains match criteria that must be met
-
MustContain: JSON object that contains match criteria where the listed items must be in the total set of items
There are several criteria that can be used in MustMatch. Strings can be wildcarded either at the beginning of the string or at the end of the string.
- MacOid
- DhcpVendor
- DhcpHostname
- SsdpManufacturer
- SsdpModelName
- SsdpFriendlyName
- SsdpUdn
- SsdpSerialNumber
- SsdpManufacturerUrl
- SsdpModelUrl
- (SsdpDeviceType)
- WsDiscoveryXAddrs
- WsDiscoveryTypes
- MdnsHostname
- MdnsOs
- MdnsHw
- MdnsDeviceUrl
- MdnsManufacturer
- MdnsModelName
The MustContain object only supports the DnsQueries criteria, which has a FQDN as value.
There is no support yet for specifying ACLs as that has not yet been implemented.