|Check Point Reference:||CPAI-2015-1415|
|Date Published:||17 Dec 2015|
|Last Updated:||31 Jan 2018|
|Protection Provided by:||
|Who is Vulnerable?||Multiple Oporating Systems (Linux Windows etc.)|
|Vulnerability Description||A reverse shell is a type of shell in which the target machine communicates back to the attacking machine on a listener port. By remotely installing and running such a shell on the target machine, the attacker achieves remote code or command execution abilities, or may obtain sensitive information.|
This protection will detect and block attempts to install and use a reverse shell.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Malware Traffic.
Attack Information: Metasploit Meterpreter Reverse Payloads Remote Code Execution