Block remote desktop services (Anydesk, Teamviewer, etc)

I know nothing about Suricata, and am in the research phase.

I would like to block all incoming remote desktop connection, but all outgoing ones. Is this possible to configure? If possible, it would be great if I could allow remote desktop to a single computer inside the network, but if it’s an all or nothing, then I’d like to block it all.

Is Suricata the product I’m looking for?


Suricata can definitely do that, you will need to arrange the right rules to do that.

For example, you will need to know the domains that teamviewer operates on and use Suricata rules to block that domain.