Loki
¨Covert channel using ICMP as a tunnel to carry interactive communication with a backdoor listener
¨More stealthy and difficult to detect than other backdoor programs that listen on a given TCP/UDP port
¨Description and source code available at
¨Loki client wraps up attacker’s commands in ICMP and transmits them to the Loki server (lokid)
¨Loki server upwraps the commands, executes them and wraps the responses up in ICMP packets
¨Lokid must be run with root privilege