Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
How to block Reverse shell if infected?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to block Reverse shell if infected? (Read 1563 times)
newman87
Newbie
Posts: 25
Karma: 0
How to block Reverse shell if infected?
«
on:
January 31, 2022, 09:23:25 pm »
Hi,
my question is: In case I am infected with a Reverse shell connection e.g. Meterpreter from Metasploit, is there any way to block this using OPNSense? (Without using Suricata for detection and prevention)
I read that Meterpreter can escape firewall, proxy server etc. So,is this possible to block it?How?
Thanks
«
Last Edit: February 01, 2022, 11:04:32 am by newman87
»
Logged
lfirewall1243
Hero Member
Posts: 1386
Karma: 45
Re: How to block Reverse shell if infected?
«
Reply #1 on:
February 01, 2022, 08:13:47 am »
Basically it is just normal traffic.
If you know the Ports or destination IPs you can block them, but if the attacker changes them the traffic will pass.
Logged
(Unoffial Community) OPNsense Telegram Group:
https://t.me/joinchat/0o9JuLUXRFpiNmJk
PM for paid support
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: How to block Reverse shell if infected?
«
Reply #2 on:
February 01, 2022, 08:26:51 am »
Allow outgoing only the absolutly necessary ports and protocolls. Windows is a little picky on that though... ;-) With some firewalls (on windows: Gdata) you can block traffic (even outgoing) on the level of the application (again: windows needs so many "allow" trash for the OS, hard to know the difference from malware in the first place).
Put different classes of clients in different physical subnets. If you don't want to run suricata it's the best you can do.
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
newman87
Newbie
Posts: 25
Karma: 0
Re: How to block Reverse shell if infected?
«
Reply #3 on:
February 01, 2022, 07:06:51 pm »
Will Suricata detect and then block a Reverse shell connection?As far I can see,Suricate only alerts for Bad traffic,you need to manually block Bad traffic and then Suricata will block the same traffic.Is there any way to automatically block first seen Bad Traffic?
Cheers
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
How to block Reverse shell if infected?