Message ID | 407990e1-b28c-546a-d1b5-d99901eaee8e@ipfire.org |
---|---|
State | Accepted |
Commit | 1f3c61b66c77898707791519b837e61b1d2e6ad0 |
Series | Suricata: detect TLS traffic on port 444, too |
Commit Message
Peter Müller
Feb. 23, 2019, 7:16 a.m. UTC
This is the default port for IPFire's administrative web interface
and should be monitored by Suricata, too.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
c: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/suricata/suricata.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Acked-by: Michael Tremer <michael.tremer@ipfire.org> > On 22 Feb 2019, at 20:16, Peter Müller <peter.mueller@ipfire.org> wrote: > > This is the default port for IPFire's administrative web interface > and should be monitored by Suricata, too. > > Signed-off-by: Peter Müller <peter.mueller@ipfire.org> > c: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/suricata/suricata.yaml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml > index 4fbd32b85..0ff06f4ae 100644 > --- a/config/suricata/suricata.yaml > +++ b/config/suricata/suricata.yaml > @@ -140,7 +140,7 @@ app-layer: > tls: > enabled: yes > detection-ports: > - dp: "[443,465,993,995]" > + dp: "[443,444,465,993,995]" > > # Completely stop processing TLS/SSL session after the handshake > # completed. If bypass is enabled this will also trigger flow > -- > 2.16.4
Merged. Best regards, -Stefan > Acked-by: Michael Tremer <michael.tremer@ipfire.org> > > > On 22 Feb 2019, at 20:16, Peter Müller <peter.mueller@ipfire.org> > > wrote: > > > > This is the default port for IPFire's administrative web interface > > and should be monitored by Suricata, too. > > > > Signed-off-by: Peter Müller <peter.mueller@ipfire.org> > > c: Stefan Schantl <stefan.schantl@ipfire.org> > > --- > > config/suricata/suricata.yaml | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/config/suricata/suricata.yaml > > b/config/suricata/suricata.yaml > > index 4fbd32b85..0ff06f4ae 100644 > > --- a/config/suricata/suricata.yaml > > +++ b/config/suricata/suricata.yaml > > @@ -140,7 +140,7 @@ app-layer: > > tls: > > enabled: yes > > detection-ports: > > - dp: "[443,465,993,995]" > > + dp: "[443,444,465,993,995]" > > > > # Completely stop processing TLS/SSL session after the > > handshake > > # completed. If bypass is enabled this will also trigger flow > > -- > > 2.16.4
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 4fbd32b85..0ff06f4ae 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -140,7 +140,7 @@ app-layer: tls: enabled: yes detection-ports: - dp: "[443,465,993,995]" + dp: "[443,444,465,993,995]" # Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow
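Review bot: The added `dp: "[443,444,465,993,995]"` line hard-codes 444 with no comment explaining it, so a later reader of `detection-ports` cannot tell that it is there for IPFire's administrative web interface rather than being a standard TLS service port like its neighbours. Add a YAML comment above `dp` saying that 444 is the web interface's default port. Because the commit message calls 444 the default, it is also worth stating in the message or in that comment that an installation running the interface on a different port is not covered by this list.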