Block remote desktop services (Anydesk, Teamviewer, etc)

gbr · April 20, 2023, 2:32pm

I know nothing about Suricata, and am in the research phase.

I would like to block all incoming remote desktop connection, but all outgoing ones. Is this possible to configure? If possible, it would be great if I could allow remote desktop to a single computer inside the network, but if it’s an all or nothing, then I’d like to block it all.

Is Suricata the product I’m looking for?

Gerald

IDSTower · April 21, 2023, 6:22pm

Suricata can definitely do that, you will need to arrange the right rules to do that.

For example, you will need to know the domains that teamviewer operates on and use Suricata rules to block that domain.

Topic		Replies	Views
Ubuntu server 18.04: suricata rule blocks dwservice, but not teamviewer or anydesk Help	7	1192	October 17, 2020
Config Question: Suricata as an IDS + source IP Blocking on VPS w/1 network interface Help	9	1818	February 14, 2022
Suricata on pfSense blocking IPs on Pass List Help pfsense	16	6806	January 14, 2022
Architecture help Help ips , community , centos	2	1098	November 29, 2020
pfSense - Allow All Traffic From Host Help ips	2	1630	July 27, 2021

Block remote desktop services (Anydesk, Teamviewer, etc)

Related Topics