ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Non-standard SSH Port

Risk Factors

It is both relatively easy and common for an attacker to establish a connection on a non-standard HTTP port. An attacker might attempt to bypass firewalls, and then potentially exfiltrate data or open a command-and-control channel, which could have a significant impact on a business or organization.

Kill Chain

Caution

Risk Score

60

Detection diagram
Next in Caution: Outbound Connection to a Suspicious IP Address

Attack Background

N/A

Mitigation Options

Check HTTP headers, URIs, and packets to determine if the content is malicious

Block inbound and outbound traffic from suspicious IP addresses at the network perimeter

Quarantine the device while checking for indicators of compromise, such as the presence of malware

Implement microsegmentation by adding secure zones based on the zero-trust security model: partition network traffic with endpoint firewalls, virtual or software-defined networks, or physical networks

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right