Block VPN connection with Snort
Hi, I'm starting to use the Snort tool.
Can I block the connection of VPN programs like Proton, hotshield, etc.?
These programs are installed on the computer and I want to block their connection.
Thanks and regards.
@AAS said in Block VPN connection with Snort:
These programs are installed on the computer and I want to block their connection.
The KIS solution: negotiate with the owner of that computer to deinstall them?
If Snort 'looks' at (analyses) a VPN IP packet header, it can't detect if the originating program was a VPN app, as this app could use any IP address as a destination, any port as a destination, and the data payload is "TLS encrypted" so it will be recognized as "noise".
True, if the app was using the default UDP, and port 1194, then that could mean that the traffic is VPN traffic. It still is just a possibility, not a fact.
The VPN app could even use port 443, protocol TCP as a destination, so the traffic is now identical to ordinary "https" web traffic. Good luck blocking that.
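
The port heuristic from the reply above, written as two local Snort 2.x rules; this is an added example, not part of either post. The SIDs, messages and thresholds are constructed, and the second rule assumes the UDP/1194 traffic is OpenVPN, whose client handshake packet starts with the byte 0x38 (opcode P_CONTROL_HARD_RESET_CLIENT_V2, key id 0).

```snort
# local.rules (constructed example; SIDs >= 1000000 are reserved for local use)

# Rule 1: port-only heuristic. Fires on sustained outbound UDP to port 1194.
# As the reply says, this is a possibility, not a fact: any application may
# use UDP/1194, and a VPN client may use any other port.
alert udp $HOME_NET any -> $EXTERNAL_NET 1194 ( \
    msg:"LOCAL POLICY outbound UDP/1194, possible VPN (port heuristic only)"; \
    detection_filter:track by_src, count 20, seconds 60; \
    classtype:policy-violation; sid:1000001; rev:1;)

# Rule 2: same port plus the first payload byte of an OpenVPN client
# hard-reset packet (assumption: the VPN is OpenVPN over UDP).
# Narrower than rule 1, still a heuristic.
alert udp $HOME_NET any -> $EXTERNAL_NET 1194 ( \
    msg:"LOCAL POLICY OpenVPN client handshake on default port (heuristic)"; \
    content:"|38|"; depth:1; \
    classtype:policy-violation; sid:1000002; rev:1;)

# Neither rule matches a VPN client that connects over TCP/443: to Snort that
# flow is TLS to an arbitrary server, the same as ordinary https traffic.
```

Both rules only alert; treat a hit as a reason to look at the host, which is where the reply's suggestion of dealing with the software on the computer itself comes in.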