That's a tricky one because Metasploit, by its very nature, uses all sorts of tools to deliver payloads etc. Wireshark is also a good tool.
I would be looking at blocking these at the application layer (layer 7), as I don't think it would be possible at layer 3. Sophos Endpoint Protection will do this.
I don't have REDs, so I'm not sure of their capability, but these apps can run from PCs, so that's where you need to stop them.
No, application control only works for traffic that passes through the UTM itself.
Metasploit doesn't have a particular port etc., but uses various modules to deliver payloads depending on what you are trying to exploit, e.g. Samba, FTP, IIS, etc. Patching and up-to-date systems are the way to negate this.
It's a little harder than most would realise to prevent this from within a network.
For instance, you might have full control of all your clients to prevent this program running. However, you might not have security to prevent an unknown client connecting to your network, e.g. a personal laptop with Metasploit on it.