6 May
Random connections to meterpreter reverse tcp listener
I am currently learning some basic penetration testing using Metasploit. I have set up a reverse tcp meterpreter payload that I run on an Amazon EC2 Windows instance. Sometimes while moving a new payload to the machine, the listener that I have set up in Metasploit will be connected to and successfully send a payload, resulting in an open meterpreter session on somebody's computer. It has happened twice so far with connections from India and Russia. The sessions close automatically after 30-60 seconds (Reason: Died).
I figured that random connections would occur due to port-scans and whatnot, but these connections have actually downloaded and run meterpreter.
- Why is this happening?
- Is there a way to use Metasploit to prevent this? (I don't want to be slammed for "hacking" some guy in Russia) If not, is iptables the best method?