[Oisf-users] Does suricata have a facility for detecting non-SSL traffic on port 443?

Anoop Saldanha anoopsaldanha at gmail.com
Thu Aug 22 04:30:57 UTC 2013


On Wed, Aug 21, 2013 at 9:58 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> See subject.  I know the TLS decoder can check for issues with certs and
> the SSL handshake, but I just want to know if a flow is *not* ssl at all.
>

Suricata's protocol detection works regardless of the port the flow is on.

Coming to detecting if a flow is not ssl, we will be introducing a
keyword shortly (work done, needs to be pushed) that would allow you to
write rules like

alert tcp any any -> any any (app-layer-protocol:!tls; sid:1;)

which will match on flows as long as they are not tls.

You can track it here - https://redmine.openinfosecfoundation.org/issues/727

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
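For the question in the subject line, a small rule file built on the keyword Anoop describes. These are added example rules, not taken from the post or from the Suricata project; the sids, msg strings and the `failed` rule (a special value the keyword gained in later Suricata releases, not part of this 2013 thread) are my assumptions.

```suricata
# Constructed example rules; sids are placeholders in a local range.

# Anything on tcp/443 that protocol detection classified as something other than TLS.
# flow:established,to_server keeps this to one alert per direction once the handshake
# is done, rather than firing on every packet of a long-lived non-TLS session.
alert tcp any any -> any 443 (msg:"LOCAL non-TLS traffic on port 443"; flow:established,to_server; app-layer-protocol:!tls; sid:9000001; rev:1;)

# The complement: TLS showing up on a port where you would not expect it.
alert tcp any any -> any !443 (msg:"LOCAL TLS on a non-standard port"; flow:established,to_server; app-layer-protocol:tls; sid:9000002; rev:1;)

# Assumption: later Suricata releases added the special value "failed", which matches
# flows where protocol detection gave up entirely. Worth a separate, lower-priority
# rule so that "unknown" and "known but not TLS" land in different alert buckets.
alert tcp any any -> any 443 (msg:"LOCAL protocol detection failed on port 443"; flow:established,to_server; app-layer-protocol:failed; sid:9000003; rev:1;)
```

Because protocol detection runs on the first bytes of the flow regardless of port, the first rule fires for plain HTTP, SSH or arbitrary binary on 443 as well as for TLS on other ports being negated by the second, so review the hit counts per rule before treating either as a high-confidence signal.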