Low Orbit Ion Cannon
|
Contents
History of Use
Anonymous, Project Chanology, and Operation Payback
The most notable usage of the LOIC client was by hacktivist group Anonymous during Operation Payback in September of 2010.
The GUI
- "Manual Mode (for pussies)" - Select this mode to manually select target and settings.
- "FUCKING HIVE MIND" - Select this mode to volunteer your computer to the hive mind, and allow it to select the target URL. Note this only allows control of the local LOIC client, and not the full machine.[3]
- IRC (Internet Resource Chat) server - Location where all machines (potentially a botnet) connect to be controlled by server administrator.
- Port - A electronic gate/path which information flows into or out of.[4] Defaults to port 80.
- "Select your target"
- "Ready?"
- "IMMA CHARGIN MAH LAZER" - Begin the HTTP/UDP/TCP bombardment of the specified address.
- "Attack options"
- Allows selection of TCP/UDP message on request log (that can be used to troll), timeout value, number of threads, and other customizations.
DoS/DDoS
DoS is an acronym that stands for "Denial of Service," and is often classified as a cyber attack. When a user attempts to visit a website, www.google.com for example, they are making a request to that page for information (ask for information that is stored in Google's servers to be loaded on the user's browser). The concept behind DoSing is that malicious attackers can continually send these HTTP/UDP/TCP requests to a website, and overload the site's capability to process all of the requests. If the attacker is able to achieve a sufficient threshold of requests, the site may "shut down" and be unable to process requests made by any user. This is where the attack coins its name as once the site is down, users that attempt to access the site are denied service to that page. [7]
DDoS stands for "Distributed Denial of Service," and refers to a combined effort of multiple machines attempting to shut down (DoS) a site. This set of multiple machines can take the form of multiple users with individual machines, a single user with a bot-net (link/elaborate), or a combination of the two. By utilizing more than one machine, this gives the attacker(s) the ability to send more HTTP/UDP/TCP requests. The more machines, the more requests per minute, and the more likely the site will be successfully shut down. [8]
Where there is power there is money: DDoS attacks can be purchased on the black market using Tor browsers. Customers can "purchase" DDoS attacks of various strengths and duration, which have an additional set of ethical implications. The attacks are fairly cheap to purchase: "$150 can buy a week-long DDoS attack on the black market," which increases the accessibility to a powerful tool by the general public.[8]
While there are many other types of DoS attacks and methods, we limit this article to the description above, as it relates most closely to LOIC.
Damage
On the surface, the damage of a service-denial attack is the public not being able to access the website. This may be as subtle as the inability to read an educational article online, or as economically disruptive as having a bank's website and login portal be unreachable. However, once the site is unreachable, additional monetary expenditures may be incurred in order to bring the site back up to working order again.(...)
- Loss of customer trust
- Loss of intellectual property
- Infection of viruses
Defenses Against DoSing/DDoSing:
One of the first lines of defense when protecting against a DoS or a DDoS attack is filtering the traffic that is coming through the network. This can take the form of having either the ISP (internet service provider) buffering the users attempting to connect or firewalls that sit on the edge of the network that attempt to identify suspicious users. By attempting to identify users that have previous association with BotNets or spamming, websites can preemptively prevent attacks. This can either take the form of rejecting requests outright, or simplify flagging them for investigation by an administrator.[10]
Another example:(...)
A last resort to resisting being taken offline, websites can bolster their defenses through the purchase of adequate bandwidth. Because LOIC - used as a method for DoSing/DDoSing - relies mainly on congesting HTTP traffic, possessing enough bandwidth can foil most attacks made using the client. Unless the LOIC attack utilizes thousands or tens-of-thousands of machines, companies with enough money and important websites to protect can purchase enough bandwidth to resist an average LOIC attack while still hosting usual traffic. The downside to this is cost, and usually only larger companies will have the capital to use this as a last resort.[10]
- ip filtering
- tollgate
HOIC
The High Orbit Ion Cannon (HOIC) is the "big brother" of LOIC. While the low orbit cannon focuses mainly on TCP/UDP attacks, HOIC is the HTTP focused cannon.Cite error: Closing</ref>
missing for <ref>
tag- ↑ https://sourceforge.net/projects/loic/
- ↑ 2.0 2.1 http://resources.infosecinstitute.com/loic-dos-attacking-tool/#gref
- ↑ https://en.wikipedia.org/wiki/Internet_Relay_Chat
- ↑ http://whatismyipaddress.com/port
- ↑ https://docs.oracle.com/javase/tutorial/networking/urls/definition.html
- ↑ https://en.wikipedia.org/wiki/IP_address
- ↑ https://www.us-cert.gov/ncas/tips/ST04-015
- ↑ 8.0 8.1 http://www.digitalattackmap.com/understanding-ddos/
- ↑ https://lp.incapsula.com/rs/incapsulainc/images/eBook%20-%20DDoS%20Impact%20Survey.pdf
- ↑ 10.0 10.1 http://www.biztechmagazine.com/article/2013/02/three-elements-defense-against-denial-service-attacks