tedauction
New Contributor III

SSH reverse shell - app control ?

Hello, I currently do not use application control on Internet-bound outgoing traffic, but I do block outbound port 22 (SSH).

However, I don't think this will protect me if someone from within my LAN starts up an SSH reverse shell to the Internet using a non-standard port, e.g. any port other than 22 that is allowed through the outbound policy.

Therefore I think it is essential to also use application control blocking 'SSH'.

Would you guys agree with that?

Daniel_Aguilar
New Contributor

Hello, I think you should block it with an IPv4 policy and block the ports that you use for SSH to the destination that you desire. SSH is not an application per se; it works at the TCP level, so the best choice is to block it with an IPv4 policy.

It worked for me.

Regards.

Dave_Hall

May also want to block alternate methods for proxying and/or ways that can be used to circumvent content filtering or other forms of port access. If you do not need to access outside sites via non-standard ports, it may be best to lock those ports down and only open access to sites (and ports) your company/organization needs. It's not uncommon to see "bad players" setting up proxies and SSH tunnels through standard ports 80, 443, 53 (both TCP and UDP), etc.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

pyy
New Contributor III

Hi tedauction

You can use an IPS profile in order to block unwanted traffic related to reverse shell.
https://fortiguard.com/search?q=reverse%20shell&type=ips&engine=1

Best Regards
Panos

darwin_FTNT

Can try the following option:

config application list
   edit <profile-name>
      set enforce-default-app-port enable
end

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/66882/port-enforcement-check
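
Added example, not part of any post in this thread and not how FortiGate's application control engine is implemented: Python detection logic that compares the port-22 rule from the question with identifying SSH by its RFC 4253 identification string on any port. The flow records, field names and verdict labels are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion [SP comments] CR LF
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)")
DEFAULT_SSH_PORT = 22  # the only port the thread's port-based policy blocks


def ssh_banner(first_payload: bytes):
    """Return (protoversion, softwareversion) if the payload carries an SSH banner."""
    # A server may send other text lines before its identification string,
    # so scan every line of the first kilobyte rather than only byte 0.
    for line in first_payload[:1024].split(b"\n"):
        m = SSH_ID.match(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None


def verdict(flow: dict) -> str:
    """Compare the port-only rule with protocol identification for one flow."""
    if flow["dst_port"] == DEFAULT_SSH_PORT:
        return "blocked-by-port-rule"
    if ssh_banner(flow["first_payload"]):
        return "ssh-on-non-default-port"  # caught only by inspecting the protocol
    return "allowed"


# Constructed sample flows (hypothetical field names, not captured traffic).
FLOWS = [
    {"dst_port": 22, "first_payload": b"SSH-2.0-OpenSSH_8.9p1\r\n"},
    {"dst_port": 8443, "first_payload": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"},
    {"dst_port": 2222, "first_payload": b"Welcome\r\nSSH-2.0-dropbear_2022.83\r\n"},
    {"dst_port": 80, "first_payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    # TLS record header: anything carried inside TLS shows no banner to this check.
    {"dst_port": 443, "first_payload": b"\x16\x03\x01\x00\x05hello"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["dst_port"], verdict(f), ssh_banner(f["first_payload"]))
```

The port 443 flow stays "allowed" because the check sees only the TLS record, which is why the replies above also suggest restricting outbound destinations and ports.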
