Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Reverse Shell Overview

A reverse shell allows the attacker to bypass firewalls and other security mechanisms to open the ports to the target.

An attacker exploits a code execution vulnerability on the target system to run a script to initiate a reverse shell session to the Command and Control (C&C) server. It allows the attacker to remotely access the target to run a command. SRX Series Firewalls analyze the traffic pattern between the client and the server to detect and respond to the reverse shell attack.

The Reverse Shell page displays information about the detected reverse shell attacks. You can review and add IP addresses that are not malicious to the allowlist. See Add IP Address to Allowlist

To access the page, click Monitor > Advanced Threat Prevention.

Benefits

Detect reverse shell attacks and prevent potential data thefts.

Field Descriptions

Table 1: Fields on the Reverse Shell Page
Field Description

Destination IP

IP address of the attacker's endpoint

Destination Port

Port number of the attacker's endpoint

Source IP

IP address of the reverse shell attack target

Source Port

Port number used on the target by the attacker to perform a reverse shell attack

Timestamp

Date and time when the reverse shell attack session started

TCP Session ID

Session ID assigned to the attacker's endpoint

Threat Level

Threat level assigned to the attacker's endpoint

Action

The action taken on the reverse shell attack: permit or block

Incoming Packets (#)

The number of incoming packets to the target

Average Size

The average size of the incoming packets