tedauction
New Member
May 25, 2020
Question

SSH reverse shell - app control?

Hello, I currently do not use application control on Internet-bound outgoing traffic, but I do block outbound port 22 (SSH).

However, I don't think this will protect me if someone from within my LAN starts up an SSH reverse shell to the Internet using a non-standard port, e.g. any port other than 22 that is allowed through the outbound policy.

Therefore I think it is essential to also use application control blocking 'SSH'.

Would you guys agree with that?

    1 reply

    Daniel_Aguilar
    New Member
    May 28, 2020

    Hello, I think you should block it with an IPv4 policy and block the ports that you use for SSH to the destination that you desire. SSH is not an application per se; it works at the TCP level, so the best choice is to block it with an IPv4 policy.

     

    It worked for me.

     

    Regards.

    Dave_Hall
    New Member
    May 28, 2020

    May also want to block alternate methods for proxying and/or ways that can be used to circumvent content filtering or other forms of port access. If you do not need to access outside sites via non-standard ports, it may be best to lock those ports down and only open access to sites (and ports) your company/organization needs. It's not uncommon to see "bad players" setting up proxies and SSH tunnels through standard ports 80, 443, 53 (both TCP and UDP), etc.

    pyy
    New Member
    May 31, 2020

    Hi tedauction

    You can use an IPS profile in order to block unwanted traffic related to reverse shells. https://fortiguard.com/search?q=reverse%20shell&type=ips&engine=1

    Best Regards

    Panos
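
The concern in the original question, SSH leaving the LAN on a port other than 22, comes down to identifying the protocol from stream content instead of the destination port. The following is an added example (not from any poster in this thread, and not any vendor's application control implementation) that checks the first payload bytes of a flow for the RFC 4253 identification string; the flow records, field names and the pre-banner line limit are constructed assumptions.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF"
# softwareversion is printable US-ASCII without whitespace or '-'.
SSH_ID = re.compile(rb"SSH-(2\.0|1\.99)-[\x21-\x2c\x2e-\x7e]+( [\x20-\x7e]*)?")
MAX_ID_LEN = 255     # RFC 4253 limit, including CR LF
MAX_PRE_LINES = 5    # assumption: pre-banner lines tolerated before giving up


def is_ssh_stream(first_bytes: bytes) -> bool:
    """True if the first payload bytes carry an SSH identification string."""
    for line in first_bytes.split(b"\n")[:MAX_PRE_LINES + 1]:
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return len(line) + 2 <= MAX_ID_LEN and SSH_ID.fullmatch(line) is not None
    return False


def missed_by_port_policy(flows, blocked_ports=frozenset({22})):
    """Flows that are SSH by content but pass a policy that only blocks by port."""
    return [f for f in flows
            if f["dport"] not in blocked_ports and is_ssh_stream(f["payload"])]


# Constructed sample flows (documentation address ranges, first payload bytes only).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 22,
     "payload": b"SSH-2.0-OpenSSH_8.2\r\n"},                  # caught by the port block
    {"src": "10.0.0.7", "dst": "203.0.113.10", "dport": 443,
     "payload": b"SSH-2.0-OpenSSH_8.2\r\n"},                  # SSH on an allowed port
    {"src": "10.0.0.8", "dst": "198.51.100.4", "dport": 443,
     "payload": b"\x16\x03\x01\x00\x05hello"},                # TLS record header
    {"src": "10.0.0.9", "dst": "198.51.100.9", "dport": 8080,
     "payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.6", "dst": "203.0.113.20", "dport": 53,
     "payload": b"Welcome\r\nSSH-2.0-dropbear_2019.78\r\n"},  # text before the banner
]

if __name__ == "__main__":
    for f in missed_by_port_policy(SAMPLE_FLOWS):
        print(f'{f["src"]} -> {f["dst"]}:{f["dport"]} is SSH on a non-blocked port')
```

A tunnel that wraps SSH inside TLS or another protocol does not expose this string in cleartext, so this check only covers plain SSH on an arbitrary port.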