Block VPN connections over TCP 443 with Suricata?

    Does anyone have or know of a ruleset that would detect/block VPN connections?

    I know of maintained IP lists (shallalist) that can be used to block connections to public VPN providers' IP addresses.
    However, this does nothing to prevent a connection to a private VPN as it wouldn't be on any list.

    Obviously TCP 443 is going to stay open and everyone knows this. So how about inspecting headers and identifying a VPN SSL connection so it can be shut down? What would those rules be?
