[Snort-sigs] Reverse shell

Aisling Brennan aislingbrennan21 at ...2420...
Mon Mar 25 03:04:59 EDT 2013

Reverse shells allow access to internal systems without having incoming access to the network. 

Reverse shells force an internal system to actively connect out to an external system. 

Reverse shells can operate using any protocol/port combination that is allowed out of your network.

Netcat - any TCP/UDP port
Cryptcat - any TCP/UDP port with encryption
Loki & Ping Tunnel - ICMP
Reverse WWW Shell - HTTP
DNS Tunnel - DNS
Sneakin - Telnet
Stunnel - SSL
Secure Shell - SSH
Custom Reverse Shell

It is a method a hacker would use to access our systems that are behind a firewall.

More information about the Snort-sigs mailing list