[Oisf-users] app-layer detection-port question
Jason Holmes
jholmes at psu.edu
Wed Feb 10 17:05:14 UTC 2016
Hi,
I want to make sure I understand the effect of the 'detection-port'
option in the app-layer config on rule matching. If I have the
following app-layer config:
app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443
and I have a rule that starts with "alert tls":
  alert tls $EXTERNAL_NET any -> $HOME_NET any
does the rule only match on 443 because of the "dp: 443" option in the
app-layer setting?
If the tls config above omitted the detection-ports section, would the
detection ports be all ports?
Thanks,
--
Jason Holmes