PrepAway - Latest Free Exam Questions & Answers


The Loki attack exploits a covert channel using which network protocol?


A. TCP
B. PPP
C. ICMP
D. SMTP

Explanation:
ICMP was developed to send status messages, not to hold or transmit user data. But someone
figured out how to insert data inside an ICMP packet, which can be used to communicate with an already
compromised system. Loki is a client/server program used by hackers to set up back doors on
systems. The attacker targets a computer and installs the server portion of the Loki software. This server
portion “listens” on a port, which is the back door an attacker can use to access the system. To gain access
and open a remote shell to this computer, an attacker sends commands inside ICMP packets. This is usually
successful, because most routers and firewalls are configured to allow ICMP traffic into and out of the
network, based on the assumption that this is safe because ICMP was not developed to hold any data or
payload.
Incorrect Answers:
A: A Loki attack uses ICMP, not TCP.
B: A Loki attack uses ICMP, not PPP.
D: A Loki attack uses ICMP, not SMTP.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 585
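
A defender-side check for the covert channel described above, as an added example that is not from the exam guide or from any Loki code: it pairs ICMP echo requests with their replies and flags replies whose data differs from the request or that answer no request, since RFC 792 requires a reply to return the request's data unchanged. The function names, the (src, dst, icmp_bytes) input shape and the sample traffic are assumptions made for this illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed echo message for the sample data below."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def audit_echo(messages):
    """messages: iterable of (src, dst, icmp_bytes). Returns (reason, src, dst, seq)."""
    pending, findings = {}, []
    for src, dst, raw in messages:
        if len(raw) < 8 or checksum(raw) != 0:
            findings.append(("malformed", src, dst, None))
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        payload = raw[8:]
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
        elif icmp_type == ECHO_REPLY:
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is None:
                findings.append(("unsolicited-reply", src, dst, seq))
            elif sent != payload:
                # RFC 792: a reply must return the request's data unchanged.
                findings.append(("reply-data-differs", src, dst, seq))
    return findings

# Constructed sample traffic (documentation addresses, made-up payloads).
PING = bytes(range(0x10, 0x38))
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", build_echo(ECHO_REQUEST, 0x1234, 1, PING)),
    ("198.51.100.5", "192.0.2.10", build_echo(ECHO_REPLY, 0x1234, 1, PING)),
    ("203.0.113.7", "192.0.2.20", build_echo(ECHO_REQUEST, 0xF001, 1, b"constructed-request-data")),
    ("192.0.2.20", "203.0.113.7", build_echo(ECHO_REPLY, 0xF001, 1, b"constructed-different-reply-data")),
    ("192.0.2.20", "203.0.113.7", build_echo(ECHO_REPLY, 0xF001, 2, b"constructed-extra-reply")),
]

if __name__ == "__main__":
    print(*audit_echo(SAMPLE), sep="\n")
```

A tunnel that echoes its data back unchanged would pass this check, so it complements rather than replaces filtering ICMP at the network boundary.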

