Skip to content

Hide Navigation Hide TOC

Bpfdoor TCP Ports Redirect (70b4156e-50fc-4523-aa50-c9dddf1993fc)

All TCP traffic on particular port from attacker is routed to different port. ex. '/sbin/iptables -t nat -D PREROUTING -p tcp -s 192.168.1.1 --dport 22 -j REDIRECT --to-ports 42392' The traffic looks like encrypted SSH communications going to TCP port 22, but in reality is being directed to the shell port once it hits the iptables rule for the attacker host only.

Cluster A Galaxy A Cluster B Galaxy B Level
Bpfdoor TCP Ports Redirect (70b4156e-50fc-4523-aa50-c9dddf1993fc) Sigma-Rules Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2