mediumexperimentalLinuxAI/MLNetworkT1071.001

LLM Service Connecting To Unexpected External Destination

Detects LLM service processes making outbound network connections to external destinations outside the OCI and private network baseline. A prompt injection may instruct the model to exfiltrate data or beacon to an attacker-controlled server.

Updated Jan 15, 2025 · Detection Engineering Team

llmprompt-injectionlinuxnetworkowasp-llm01

Problem Statement

Prompt injection can cause an LLM to initiate outbound connections for data exfiltration or C2 callback. Unexpected external network connections from LLM service processes are a reliable post-injection signal.

Sample Logs

{"timestamp":"2025-01-15T16:55:03Z","computer_name":"llm-host-03","user":"llm_svc","image":"/srv/llm/app/server.py","destination_hostname":"attacker.example.com","destination_ip":"198.51.100.42","destination_port":443}

Required Fields

image

destination_hostname

destination_ip

destination_port

user

computer_name

False Positives

·LLM services with legitimate integrations to external APIs (HuggingFace, OpenAI)
·Telemetry or licensing beacons to approved vendor endpoints

Tuning Guidance

Maintain an allowlist of approved external destinations for each LLM service. Alert on first-seen destinations using a lookup table approach.