Loki

• Think of it as a telnet over ICMP (ping): gives the ability to tunnel shell sessions over ICMP or UDP port 53 (looks like DNS)

• Offers a command line shell to the attacker on the victim machine

• Works in a client-server model; first server must be installed on the victim’s machine

• http://www.phrack.com/Archives/phrack51.tgz

• Defense: know what should be running on your system

Previous slide

Next slide

Back to first slide

View graphic version