I am just getting started getting into network security (currently have CCNA and am a network engineer at an ISP) and I do run across customers that have Fortinets, cyberoams etc... that are able to detect and block VPNs.
Now as far as I know VPN traffic just looks like typical encrypted traffic and doing some wireshark captures they look nearly identical. So how to firewalls detect them? Are the IPs compared against a database of known VPN IPs? Does it look at a traffic pattern?
No comments:
Post a Comment