From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: [PATCH 3/3] Suricata: detect DNS events on port 853, too
Date: Thu, 07 Feb 2019 21:34:41 +0100
Message-ID: <810148a0d8ba79e29be7e980d7a1eb4dc7aa89eb.camel@ipfire.org>
In-Reply-To: <35331b2c-281e-f72f-fdd9-de8bfa592717@ipfire.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Merged.

Best regards,
-Stefan

> As DNS over TLS popularity is increasing, port 853 becomes
> more interesting for an attacker as a bypass method. Enabling
> this port for DNS monitoring makes sense in order to avoid
> unusual activity (non-DNS traffic) as well as "normal" DNS
> attacks.
>
> Partially fixes #11808
>
> Signed-off-by: Peter Müller
> Cc: Stefan Schantl
> ---
>  config/suricata/suricata.yaml | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index d7302788c..67b9e8a7d 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -208,11 +208,11 @@ app-layer: > tcp: > enabled: yes > detection-ports: > - dp: 53 > + dp: "[53,853]" > udp: > enabled: yes > detection-ports: > - dp: 53 > + dp: "[53,853]" > http: > enabled: yes > # memcap: 64mb
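Review bot: the commit message justifies the change with DNS over TLS, but the DNS app-layer parser cannot look inside a TLS session, so adding 853 to `detection-ports` only lets Suricata parse cleartext DNS that is sent on 853 (the bypass case the message mentions); genuine DoT connections on that port are still handled by the TLS parser, and the message should say so. It should also cover the second half of the hunk, `+ dp: "[53,853]"` under `udp:`, which the DoT justification does not explain (DoT is TCP-only; UDP 853 corresponds to DNS over DTLS), so either state that or leave the udp block unchanged. The quoting in `"[53,853]"` is correct: an unquoted `[53,853]` would be read as a YAML sequence instead of the port-list string Suricata expects.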