Snort mailing list archives

Re: Reverse shell


From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 25 Mar 2013 07:45:46 +0000

You can detect most of these with signatures, but it's better to block
them frankly - just use a default DENY policy outbound on your
firewall. For example HTTP should only be allowed outbound from your
web proxy, DNS from your DNS resolvers, probably no SSH access needed
outbound...?

cheers,
 Jamie

On 25 March 2013 07:04, Aisling Brennan <aislingbrennan21 () gmail com> wrote:
Reverse shells allow access to internal systems without having incoming access to the network.

Reverse shells force an internal system to actively connect out to an external system.

Reverse shells can operate using any protocol/port combination that is allowed out of your network.

Netcat - any TCP/UDP port
Cryptcat - any TCP/UDP port with encryption
Loki & Ping Tunnel - ICMP
Reverse WWW Shell - HTTP
DNS Tunnel - DNS
Sneakin - Telnet
Stunnel - SSL
Secure Shell - SSH
Custom Reverse Shell

It is a method a hacker would use to access our systems that are behind a firewall.



-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
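
The default-DENY outbound policy suggested in the reply above, as an added example that is not part of the original thread: a small audit that checks flow records against an egress allowlist in which HTTP/HTTPS may leave only from the web proxy and DNS only from the resolvers, while everything else (SSH, ICMP, arbitrary ports) is denied. The addresses, the `10.0.0.0/8` internal range, the flow-line format and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed addresses (constructed for illustration; not from the original post).
WEB_PROXY = "10.0.0.10"
DNS_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Egress allowlist: (protocol, destination port) -> internal sources permitted.
# Anything not listed, including SSH and ICMP, falls through to default DENY.
EGRESS_ALLOW = {
    ("tcp", 80): {WEB_PROXY},
    ("tcp", 443): {WEB_PROXY},
    ("udp", 53): DNS_RESOLVERS,
    ("tcp", 53): DNS_RESOLVERS,
}

def parse_flow(line):
    """Parse 'src dst proto dport' (constructed format); dport is '-' for ICMP."""
    src, dst, proto, dport = line.split()
    return src, dst, proto.lower(), None if dport == "-" else int(dport)

def is_outbound(src, dst):
    """True when an internal host talks to an address outside the internal range."""
    return (ipaddress.ip_address(src) in INTERNAL_NET
            and ipaddress.ip_address(dst) not in INTERNAL_NET)

def audit(lines):
    """Return (line, reason) for each outbound flow a default-deny policy would drop."""
    violations = []
    for line in lines:
        src, dst, proto, dport = parse_flow(line)
        if not is_outbound(src, dst):
            continue  # internal-to-internal traffic is out of scope here
        allowed = EGRESS_ALLOW.get((proto, dport))
        if allowed is None:
            violations.append((line, f"{proto}/{dport} not permitted outbound"))
        elif src not in allowed:
            violations.append((line, f"{proto}/{dport} only permitted from {sorted(allowed)}"))
    return violations

# Constructed sample flows: the first two are legitimate, the last is internal.
SAMPLE_FLOWS = [
    "10.0.0.10 203.0.113.5 tcp 443", "10.0.0.53 198.51.100.1 udp 53",
    "10.0.2.15 203.0.113.9 tcp 443", "10.0.2.15 198.51.100.7 udp 53",
    "10.0.2.20 203.0.113.9 tcp 22",  "10.0.2.21 203.0.113.9 icmp -",
    "10.0.2.15 10.0.0.10 tcp 3128",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {line}: {reason}")
```

Run against existing firewall or NetFlow logs before enforcement, the same check shows which hosts currently bypass the proxy or resolvers and would be cut off by the policy.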

