This is the default port for IPFire's administrative web interface and should be monitored by Suricata, too.
Signed-off-by: Peter Müller peter.mueller@ipfire.org c: Stefan Schantl stefan.schantl@ipfire.org --- config/suricata/suricata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 4fbd32b85..0ff06f4ae 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -140,7 +140,7 @@ app-layer: tls: enabled: yes detection-ports: - dp: "[443,465,993,995]" + dp: "[443,444,465,993,995]"
# Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow
Acked-by: Michael Tremer michael.tremer@ipfire.org
On 22 Feb 2019, at 20:16, Peter Müller peter.mueller@ipfire.org wrote:
This is the default port for IPFire's administrative web interface and should be monitored by Suricata, too.
Signed-off-by: Peter Müller peter.mueller@ipfire.org c: Stefan Schantl stefan.schantl@ipfire.org
config/suricata/suricata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 4fbd32b85..0ff06f4ae 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -140,7 +140,7 @@ app-layer: tls: enabled: yes detection-ports:
dp: "[443,465,993,995]"
dp: "[443,444,465,993,995]" # Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow-- 2.16.4
Merged.
Best regards,
-Stefan
Acked-by: Michael Tremer michael.tremer@ipfire.org
On 22 Feb 2019, at 20:16, Peter Müller peter.mueller@ipfire.org wrote:
This is the default port for IPFire's administrative web interface and should be monitored by Suricata, too.
Signed-off-by: Peter Müller peter.mueller@ipfire.org c: Stefan Schantl stefan.schantl@ipfire.org
config/suricata/suricata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 4fbd32b85..0ff06f4ae 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -140,7 +140,7 @@ app-layer: tls: enabled: yes detection-ports:
dp: "[443,465,993,995]"
dp: "[443,444,465,993,995]" # Completely stop processing TLS/SSL session after thehandshake # completed. If bypass is enabled this will also trigger flow -- 2.16.4
-
Michael Tremer -
Peter Müller -
Stefan Schantl