diff mbox series

[v2,1/3] Revert "Suricata: detect DNS events on port 853, too"

Message ID 20190302171839.16341-1-michael.tremer@ipfire.org
State Accepted
Commit 96495c9aa2a46896ebb5cbbdfa5fd4b961864215
Headers
Series [v2,1/3] Revert "Suricata: detect DNS events on port 853, too" |

Commit Message

Michael Tremer March 3, 2019, 4:18 a.m. UTC 
  This reverts commit ad99f959e2b83dd9f1275c1d385140271c8926ae.

It does not make any sense to try to decode the TLS connection
with the DNS decoder.

Therefore should 853 (TCP only) be added to the TLS decoder.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/suricata/suricata.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index d3ebbcfe4..767f84074 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -140,7 +140,7 @@  app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: "[443,444,465,993,995]"
+        dp: "[443,444,465,853,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow
@@ -204,11 +204,11 @@  app-layer:
       tcp:
         enabled: yes
         detection-ports:
-          dp: "[53,853]"
+          dp: 53
       udp:
         enabled: yes
         detection-ports:
-          dp: "[53,853]"
+          dp: 53
     http:
       enabled: yes
       # memcap: 64mb