• caglararli@hotmail.com
  • 05386281520

Random connections to meterpreter reverse tcp listener

Çağlar Arlı      -    32 Views

Random connections to meterpreter reverse tcp listener

I am currently learning some basic penetration testing using Metasploit. I have set up a reverse tcp meterpreter payload that I run on an Amazon EC2 Windows instance. Sometimes while moving a new payload the machine, the listener that I have set up in Metasploit will be connected to and successfully send a payload, resulting in an open meterpreter session on somebody's computer. It has happened twice so far with connections from India and Russia. The sessions close automatically after 30-60 seconds (Reason: Died).

I figured that random connections would occur due to port-scans and whatnot, but these connections have actually downloaded and run meterpreter.

  1. Why is this happening?
  2. Is there a way to use Metasploit to prevent this? (I don't want to be slammed for "hacking" some guy in Russia) If not, is iptables the best method?