Detecting compromised VPN clients

Started by fathibn, August 05, 2023, 03:07:42 AM

Hi,
I have set up an OpenVPN server to allow remote users to connect to the internal network. I would like to set up intrusion detection to detect malicious traffic from compromised VPN clients to the corporate LAN. I am only interested in the VPN client address, as real addresses are dynamic (3G/4G mobile network) and OPNsense is behind another firewall, so all clients seem to be coming from the DMZ gateway.
Which Suricata rules should I activate, mainly to detect attacks against Windows servers and databases?
TIA.