Block VPN connections over TCP 443 with Suricata?
Does anyone have or know of a ruleset that would detect/block VPN connections?
I know of maintained IP lists (shallalist) that can be used to block connections to public VPN providers' IP addresses.
However, this does nothing to prevent a connection to a private VPN as it wouldn't be on any list.
Obviously TCP 443 is going to stay open and everyone knows this. So how about inspecting headers and identifying a VPN SSL connection so it can be shut down? What would those rules be?