[Oisf-users] Monitoring DNS over TLS: SURICATA TLS on unusual port

Carlos Lopez clopmz at outlook.com
Sun Jan 5 12:08:49 UTC 2020

Hi all,

I have a DNS cache server based on unbound redirecting all external queries to CloudFlare’s DNS servers via DNS over TLS and, as I indicated in the subject, a lot of alerts are triggered as “SURICATA TLS on unusual port”.

I have tried to inform our Suricata sensors via “app-layer,tls,dp” that port 853 is a valid TLS port, without luck … I have checked any TLS variable for Suricata without result.

So how do I inform Suricata that port 853 is a valid TLS port?

C. L. Martinez