Trojans use ICMP as a covert channel. Learn how to examine normal ICMP traffic and then explore LOKI and how to conceal data in an ICMP packet.
- [Teacher] When discussing covert activity, we'll want to include the protocol ICMP. Internet Control Message Protocol is used to communicate updates or error messages. No data is exchanged, there's no transport layer header, and it's used by ping with echo-request and echo-reply messages. It could also be used for time stamps, information, and subnet mask request replies. We see the ICMP is held within an IP packet.
Here you see the IP header and then the ICMP message. And here you see the ICMP message, and the contents are really going to depend on the type and code. Let's take a look at normal ICMP traffic using a ping. I've opened up a command-line, and I'm going to set myself up by just typing ping google.com. I'm not going to run it, but I'll set up in Wireshark so we can capture those ping packets.
Go to Capture > Interfaces, and I'll select Ethernet, we'll start the capture, and I'll go back in and press Enter. I'll stop the capture, and Windows operating system normally defaults at four pings, so I'll type icmp, and we'll take a look.…
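The layout the transcript describes (an ICMP message behind the IP header, with contents set by type and code) can be checked in a few lines. This is an added example, not part of the course material: it parses a raw IPv4 packet, verifies the ICMP checksum, and notes echo payloads that differ from an assumed Windows ping baseline. The function names, the `WINDOWS_PING` constant, and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import struct

# ICMP types named in the transcript (numbers from RFC 792 and RFC 950).
ICMP_TYPES = {0: "echo-reply", 8: "echo-request", 13: "timestamp-request",
              14: "timestamp-reply", 15: "information-request",
              16: "information-reply", 17: "address-mask-request",
              18: "address-mask-reply"}
# Assumed baseline: the 32-byte padding sent by the Windows ping client.
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(packet: bytes) -> dict:
    """Locate the ICMP message behind the IP header and review it."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        raise ValueError("not an IPv4 packet carrying ICMP")
    icmp = packet[(packet[0] & 0x0F) * 4:]   # IHL gives the IP header length
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    # id/seq are only meaningful for query types such as echo and timestamp.
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    payload, notes = icmp[8:], []
    if inet_checksum(icmp) != 0:             # a valid message sums to zero
        notes.append("bad checksum")
    if icmp_type in (0, 8) and payload != WINDOWS_PING:
        notes.append("echo payload differs from Windows ping baseline")
    return {"type": ICMP_TYPES.get(icmp_type, f"type {icmp_type}"),
            "code": code, "id": ident, "seq": seq,
            "payload_len": len(payload), "notes": notes}

def build_echo(payload: bytes, seq: int = 1) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left 0) + echo-request."""
    body = struct.pack("!BBHHH", 8, 0, 0, 1, seq) + payload
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 128, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + body

if __name__ == "__main__":
    print(parse_icmp(build_echo(WINDOWS_PING)))
    print(parse_icmp(build_echo(b"constructed non-baseline payload bytes")))
```

Other ping clients use different padding, so the baseline comparison needs to be tuned to the hosts on the network being monitored.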
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits