Re: [FW1] loki and covert channels for icmp?

Wed, 23 Aug 2000 07:29:12 -0700 


Whats a butt-plug? Is that a piece of hardware ?

At 08:00 PM 8/22/00 -0500, Jason Witty wrote:

>Donna,
>
>Loki's been around for a long time.  It basically allows you to remotely
>control (via a remote shell) a UNIX box, using a semi-covert ICMP tunnel.
>To use it, you first take over a UNIX box, then install the loki daemon
>(which listens for all inbound ICMP to that server), then you can connect
>to that daemon using your handy loki client.  Pretty nifty little tool,
>which only sends ICMP echos and replies between the client and server (at
>least in the default version).
>
>One of the key signatures of this tool is that it always includes "F001" in
>the sequence numbers, unless of course, you're the non-script kiddie type
>hax0r and actually modified the source code before compiling it :-)  So
>most traditional IDS implementations trigger off of that.
>
>Incidently, there are many more tools out there that can do this sort of
>thing.  BO2k has a (excuse the vernacular...) 'butt-plug' which basically
>allows remote control of a Wintel machine using an ICMP tunnel.  This is
>why many on the list point out that blindly allowing unsolicited
>ICMP-echo-replies into your netwrok can be very dangerous....
>
>Hope this helps!
>
>Jason
>
>
>At 04:47 PM 8/22/00 -0400, [EMAIL PROTECTED] wrote:
> >
> >Hello,
> >
> >I came across this phrack article today in my travels and became concerned
> >about the use of icmp.  Does anyone have more info? Seen it?  Heard of it?
> >
> >http://www.phrack.com/search.phtml?view&article=p49-6
> >
> >
> >
> >Thanks,
> >Donna
> >
> >
> >
> >
> >===========================================================================
>=====
> >     To unsubscribe from this mailing list, please see the instructions at
> >               http://www.checkpoint.com/services/mailing.html
> >===========================================================================
>=====
> >
> >
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================ 
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to