Forum Thread: Are Metasploit Attacks Noticeable?

Are Metasploit attacks or post-exploitation modules noticeable by a sysadmin or anybody monitoring the network? And if they are, how do you get around this? Proxychains, reverse DNS?

Thanks

2 Responses

It depends on the sysadmin and level of security. But generally yes, packets on the network are noticeable to sysadmins. You might want to consider some form of data exfiltration tool like pingtunnel. If you are worried about hiding your IP I would use TOR to connect to an encrypted VPN. It will distance you from the IP associated with your VPN connection. Of course if you pay for the VPN with your credit card it doesn't matter.

I would also try to (even though it may not always be possible) ensure that all traffic is encrypted. It's more difficult for an IDS to MITM every users encrypted sessions than it is to sniff plain text packets. Use ports that are generally encrypted as well. Stay evasive.

This is an excellent guide. I also cannot recommend this video enough. If you aren't familiar with OPSEC and the grugq it's time to get serious about it!

Ah, thanks, this helps a lot. I follow the grugq on Twitter, but I never knew who he was!

Share Your Thoughts

  • Hot
  • Active