[Oisf-users] Monitoring DNS over TLS: SURICATA TLS on unusual port
Carlos Lopez
clopmz at outlook.com
Sun Jan 5 12:08:49 UTC 2020
Hi all,
I have a DNS cache server based on Unbound redirecting all external queries to CloudFlare’s DNS servers via DNS over TLS and, as I indicated in the subject, a lot of alerts are triggered as “SURICATA TLS on unusual port”.
I have tried to inform our Suricata sensors via “app-layer,tls,dp” that port 853 is a valid TLS port, without luck … I have checked any TLS variable for Suricata without result.
So how do I inform Suricata that port 853 is a valid TLS port?
--
Regards,
C. L. Martinez