[Oisf-users] Detecting Non SSL traffic over TCP 443

Heine Lysemose lysemose at gmail.com
Wed Nov 26 18:30:22 UTC 2014


Hi

This is from an earlier post on the list:

alert tcp any any -> any 443 (msg:"SURICATA Port 443 but not SSL/TLS"; flow:to_server; app-layer-protocol:!tls; sid:991003;)

Regards,
Lysemose
On Nov 26, 2014 7:27 PM, "Özkan KIRIK" <ozkan.kirik at gmail.com> wrote:

> Hi,
>
> I need a rule that detects Non SSL traffic over TCP 443 Port.
>
> I tried this rule, but it matches both SSL and Non SSL traffic.
> alert tcp any any -> any 443 (msg: "Non TLS / SSL traffic ";
> app-layer-protocol:!tls;)
>
> What is wrong with this rule?
>
> Best Regards,
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/
>
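
Added example (not from the thread, and not Suricata's own protocol detection): a Python check of what "not SSL/TLS on port 443" means at the byte level, classifying the first client-to-server payload of a flow. The function names and sample payloads are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
CLIENT_HELLO = 0x01      # handshake / SSLv2 message type: ClientHello
MAX_PLAINTEXT = 2 ** 14  # maximum TLSPlaintext record length (RFC 5246)


def classify_first_payload(data: bytes) -> str:
    """Classify the first client-to-server payload of a TCP/443 flow."""
    if len(data) < 6:
        # No or too little payload (e.g. TCP handshake segments): no verdict yet.
        return "undetermined"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_PLAINTEXT and data[5] == CLIENT_HELLO):
        return "tls"
    # SSLv2-format ClientHello: length with high bit set, type 1, version.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO and data[3] in (0x00, 0x03):
        return "tls"
    return "not-tls"


# Constructed first payloads, keyed by a hypothetical flow label.
SAMPLE_FLOWS = {
    "browser": bytes.fromhex("16030100c8010000c40303") + bytes(32),
    "sslv2-hello": bytes.fromhex("802e0100020015"),
    "plain-http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "ssh-banner": b"SSH-2.0-OpenSSH_6.6\r\n",
    "syn-only": b"",
}


def flows_to_alert(flows: dict) -> list:
    """Return labels of flows whose first payload is clearly not TLS."""
    return sorted(k for k, v in flows.items()
                  if classify_first_payload(v) == "not-tls")


if __name__ == "__main__":
    for label, payload in SAMPLE_FLOWS.items():
        print(f"{label:12} {classify_first_payload(payload)}")
    print("alert on:", flows_to_alert(SAMPLE_FLOWS))
```

The "undetermined" result for payload-less segments is kept separate from "not-tls" so that only flows with enough client data to judge are reported.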