Snort mailing list archives
Re: Reverse shell
From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 25 Mar 2013 07:45:46 +0000
You can detect most of these with signatures, but it's better to block them frankly - just use a default DENY policy outbound on your firewall. For example HTTP should only be allowed outbound from your web proxy, DNS from your DNS resolvers, probably no SSH access needed outbound...?

cheers,
Jamie

On 25 March 2013 07:04, Aisling Brennan <aislingbrennan21 () gmail com> wrote:
Reverse shells allow access to internal systems without having incoming access to the network. Reverse shells force an internal system to actively connect out to an external system. Reverse shells can operate using any protocol/port combination that is allowed out of your network.

Netcat - any TCP/UDP port
Cryptcat - any TCP/UDP port with encryption
Loki & Ping Tunnel - ICMP
Reverse WWW Shell - HTTP
DNS Tunnel - DNS
Sneakin - Telnet
Stunnel - SSL
Secure Shell - SSH
Custom Reverse Shell

It is a method a hacker would use to access our systems that are behind a firewall.
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
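The default-DENY outbound policy suggested in the reply above, as an added example that is not part of the original thread: a small Python auditor that replays outbound flow records against an egress allow-list and returns the flows that would be dropped. The addresses, rule names and the "src dst proto dport" record format are assumptions, and the sample flows are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: str            # internal source allowed to originate the traffic (CIDR)
    proto: str          # "tcp", "udp" or "icmp"
    dports: frozenset   # allowed destination ports

# Assumed egress allow-list: only the proxy speaks HTTP(S), only the resolver speaks DNS.
# Nothing allows SSH, Telnet or ICMP outbound, so those fall through to the default DENY.
POLICY = [
    Rule("proxy-web", "10.0.0.10/32", "tcp", frozenset({80, 443})),
    Rule("resolver-dns-udp", "10.0.0.53/32", "udp", frozenset({53})),
    Rule("resolver-dns-tcp", "10.0.0.53/32", "tcp", frozenset({53})),
]

# Constructed outbound flow records: "src dst proto dport" (dport 0 for ICMP).
SAMPLE_FLOWS = """\
10.0.0.10 198.51.100.7 tcp 443
10.0.0.53 198.51.100.53 udp 53
10.0.1.23 203.0.113.5 tcp 443
10.0.1.23 203.0.113.5 tcp 23
10.0.1.40 203.0.113.9 udp 53
10.0.1.40 203.0.113.9 icmp 0
10.0.1.77 203.0.113.20 tcp 22
10.0.0.10 203.0.113.20 tcp 22
"""

def match(src: str, proto: str, dport: int, policy=POLICY) -> Optional[str]:
    """Return the name of the first allow rule matching the flow, or None (default DENY)."""
    addr = ipaddress.ip_address(src)
    for rule in policy:
        if (proto == rule.proto and dport in rule.dports
                and addr in ipaddress.ip_network(rule.src)):
            return rule.name
    return None

def audit(flow_text: str, policy=POLICY) -> list:
    """Return the flows the policy would drop, as (src, dst, proto, dport) tuples."""
    denied = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        if match(src, proto.lower(), int(dport), policy) is None:
            denied.append((src, dst, proto.lower(), int(dport)))
    return denied

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("DENY", *flow)
```

Replaying existing flow logs this way before enforcing the policy shows which hosts still send HTTP or DNS directly instead of through the proxy or resolver.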