Donna,
Loki's been around for a long time. It basically allows you to remotely
control (via a remote shell) a UNIX box, using a semi-covert ICMP tunnel.
To use it, you first take over a UNIX box, then install the loki daemon
(which listens for all inbound ICMP to that server), then you can connect
to that daemon using your handy loki client. Pretty nifty little tool,
which only sends ICMP echos and replies between the client and server (at
least in the default version).
One of the key signatures of this tool is that it always includes "F001" in
the sequence numbers, unless of course, you're the non-script kiddie type
hax0r and actually modified the source code before compiling it :-) So
most traditional IDS implementations trigger off of that.
Incidently, there are many more tools out there that can do this sort of
thing. BO2k has a (excuse the vernacular...) 'butt-plug' which basically
allows remote control of a Wintel machine using an ICMP tunnel. This is
why many on the list point out that blindly allowing unsolicited
ICMP-echo-replies into your netwrok can be very dangerous....
Hope this helps!
Jason
At 04:47 PM 8/22/00 -0400, [EMAIL PROTECTED] wrote:
>
>Hello,
>
>I came across this phrack article today in my travels and became concerned
>about the use of icmp. Does anyone have more info? Seen it? Heard of it?
>
>http://www.phrack.com/search.phtml?view&article=p49-6
>
>
>
>Thanks,
>Donna
>
>
>
>
>===========================================================================
=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
