Synopsis
Description
The iptables process was executed with a command to add or delete rules on the host.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
Variations
Rare iptables port forward command was executed
Synopsis
Description
An iptables command was executed to perform port forward, This command is unpopular.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
Uncommon iptables port forward command was executed on the host
Synopsis
Description
An iptables command was executed to perform port forward, This command is uncommon for the host.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
Rare iptables delete command was executed
Synopsis
Description
An iptables command was executed to delete rule, This command is unpopular.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
A rare iptables delete command was executed on the host
Synopsis
Description
An iptables command was executed to delete rule, This command is uncommon for the host.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
A rare iptables flush all command was executed
Synopsis
Description
An iptables command was executed to flush all rules, This command is unpopular.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
A rare iptables flush command was executed
Synopsis
Description
An iptables command was executed to flush all rules, This command is unpopular.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.
A rare iptables flush command was executed on the host
Synopsis
Description
An iptables command was executed to flush rules, This command is uncommon for the host.
Attacker's Goals
Adding or deleting system firewalls rules to avoid possible detection.
Investigative actions
- Verify that this isn't IT activity.
- Look for other hosts executing similar commands.