PrepAway - Latest Free Exam Questions & Answers

What kind of attack could be going on?

Kevin has seen an increase in ICMP traffic going toward the company's Web server. It has not been a lot of ICMP traffic, so he is not sure if he should be concerned or not. What kind of attack could be going on?

A. Fraggle

B. DoS

C. Birthday

D. Loki

Explanation:
Loki is actually a client/server program that is used by hackers to
set up back doors on systems. A computer is attacked and the server portion of the
Loki software is installed. This server portion "listens" on a port, which
is the back door that an attacker can use to access the system. To gain access and
open a remote shell to this computer, an attacker sends commands inside ICMP
packets. This is usually successful because most routers are configured to allow
ICMP traffic to come and go out of the network. This is because ICMP has been seen
as a basically benign protocol, since it was developed to not hold any data or a
payload. The other attacks do not use the ICMP protocol.
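
A low-volume way to check for the kind of ICMP back door described above, shown as an added example that is not part of the original page: an ICMP echo reply must return the data of its request (RFC 792), so replies that differ from their request, or arrive without one, are worth investigating. The example assumes the tunnel rides in echo request/reply messages; all function names and the sample traffic are constructed for illustration.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build echo request (type 8) / reply (type 0) bytes for the samples only."""
    head = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(head + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def find_tunnel_indicators(messages):
    """Pair echo replies with requests by (id, seq); report ones that break echo."""
    findings, pending = [], {}
    for raw in messages:
        if len(raw) < 8 or icmp_checksum(raw) != 0:
            continue  # truncated or corrupt message, not evaluated here
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        payload = raw[8:]
        if icmp_type == 8:
            pending[(ident, seq)] = payload
        elif icmp_type == 0:
            request = pending.pop((ident, seq), None)
            if request is None:
                findings.append((ident, seq, "reply without request"))
            elif request != payload:
                findings.append((ident, seq, "reply payload differs from request"))
    return findings

# Constructed sample traffic: one ordinary ping exchange, then echo messages
# whose payloads do not behave like an echo.
FILLER = bytes(range(0x10, 0x38))
SAMPLE = [
    build_echo(8, 0x1234, 1, FILLER),
    build_echo(0, 0x1234, 1, FILLER),
    build_echo(8, 0x4242, 7, b"constructed-request-data"),
    build_echo(0, 0x4242, 7, b"constructed-different-reply"),
    build_echo(0, 0x4242, 8, b"constructed-unsolicited"),
]

if __name__ == "__main__":
    for ident, seq, reason in find_tunnel_indicators(SAMPLE):
        print(f"id=0x{ident:04x} seq={seq}: {reason}")
```
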

2 Comments on “What kind of attack could be going on?”

  1. Ravi says:

    Yes, a DoS attack can surely be launched with ICMP:
    1> Ping of death
    2> “Time exceeded” or “Destination unreachable” attack
    3> ICMP Flood

    But they all require a larger amount of ICMP traffic, or the admin should see the server down or sessions terminating suddenly. The question does not explain any of that behavior. So the hacker is using ICMP to transfer the data. Good question.



