Protect Against Low Orbit Ion Cannon

The DOS (Denial of Service) attack is one of the more powerful hacks, capable of completely taking a server down. In this way, the server will not be able to handle the requests of valid users. With a DOS attack, many computer systems connected to the internet will try to flood a server with false requests, leading to a service disruption. There are many ways in which an attacker can enact this attack on a server system over the network or the internet. Some hackers try this attack with their own coded tools while others use previously available tools.

A LOIC (Low Orbit Ion Cannon) is one of the most powerful DOS attacking tools freely available. If you follow news related to hacking and security issues, you doubtless have been hearing about this tool for the past several months. It has become widely used, including in some highly-publicized attacks against the PayPal, Mastercard and Visa servers a few months back. This tool was also the weapon of choice implemented by the (in)famous hacker group, Anonymous, who have claimed responsibility for many high profile hacking attacks, among them, hacks against Sony, the FBI and other United States security agencies. The group not only used this tool, but also requested that others download it and join Anonymous attacks via IRC.

In this brief article, I will give an overview and operational model of the tool. There are two versions of the tool: the first is the binary version, which is the original LOIC tool. The other is web-based LOIC or JS LOIC.

Figure 1: Original LOIC

About the original LOIC tool

The LOIC was originally developed by Praetox Technologies as a stress testing application before becoming available within the public domain. The tool is able to perform a simple DOS attack by sending a large sequence of UDP, TCP or HTTP requests to the target server. It's a very easy tool to use, even by those lacking any basic knowledge of hacking. The only thing a user needs to know for using the tool is the URL of the target. A would-be hacker need only then select some easy options (address of target system and method of attack) and click a button to start the attack.

The tool takes the URL of the target server on which you want to perform the attack. You can also enter the IP address of the target system. The IP address is used in place of the URL on an internal local network where DNS is not being used. The tool has three main methods of attack: TCP, UDP and HTTP. You can select the method of attack on the target server. Some other options include timeout, TCP/UDP message, port and threads. See the basic screen of the tool in the snapshot above in Figure 1.

The LOIC version used in the Anonymous group's attacks was different from the original LOIC. It had an option to connect the client to IRC (Internet Relay Chat). This allowed the tool to be remotely controlled, using the IRC protocol. In that case, the user machine became part of a botnet. A botnet is a system of compromised computer systems connected to each other via the internet, which are in turn controlled by the attacker who directs the malware toward his / her target. The bigger the botnet, the more powerful the attack is.

Figure 2: Modified version of LOIC with an option for IRC connect

Types of attacks

As I mentioned previously, the LOIC uses three different types of attacks (TCP, UDP and HTTP). All three methods implement the same mechanism of attack. The tool opens multiple connections to the target server and sends a continuous sequence of messages, which can be defined from the TCP/UDP message parameter option available on the tool. In the TCP and UDP attacks, the string is sent as plain text, but in the HTTP attack, it is included in the contents of an HTTP GET message.

This tool continues sending requests to the target server; after some time, the target server becomes overloaded. In this way, the target server will no longer be able to respond to requests from legitimate users, effectively shutting it down.

Analysis of the attack

UDP Attack: To perform the UDP attack, select the method of attack as UDP. It has port 80 as the default option selected, but you can change this according to your need. Change the message string or leave it as the default.

TCP Attack: This method is similar to the UDP attack. Select the type of attack as TCP to use this.

HTTP Attack: In this attack, the tool sends HTTP requests to the target server. A web application firewall can detect this type of attack easily.

How to use LOIC to perform a DOS attack: Just follow these simple steps to enact a DOS attack against a website (but do so at your own risk).

  • Step 1: Run the tool.
  • Step 2: Enter the URL of the website in the URL field and click on Lock On. Then, select the attack method (TCP, UDP or HTTP). I will recommend TCP to start. These two options are necessary to start the attack.

Figure 3: LOIC in action (I painted the URL and IP white to hide the identity of the victim in the snapshot)

  • Step 3: Change other parameters per your choice or leave them at the default. Now click on the big button labeled "IMMA CHARGIN MAH LAZER." You have just mounted an attack on the target.

After starting the attack you will see some numbers in the Attack status fields. When the requested number stops increasing, restart the LOIC or change the IP. You can also give the UDP attack a try. Users can also set the speed of the attack with the slider. It is set to faster by default but you can slow it down with the slider. I don't think anyone is going to slow down the attack.

Here's the meaning of each field:

  • IDLE: It shows the number of threads idle. It should be zero for higher efficiency of the attack.
  • Connecting: This shows the number of threads that are trying to connect to the victim server.
  • Requesting: This shows the number of threads that are requesting some information from the victim server.
  • Downloading: This shows the number of threads that are initiating some download for some data from the server.
  • Downloaded: This number shows how many times data downloading has been initiated from the victim server which you are attacking.
  • Requested: This number shows how many times a data download has been requested from victim server.
  • Failed: This number shows how many times the server did not respond to the request. A larger number in this field means the server is going down. The success of the attack can be measured by the number shown in this field.

LOIC in HIVEMIND

The Windows version of LOIC has a feature called HIVEMIND. With this, users can connect their client to an IRC server. In this way, it can be controlled remotely, thus facilitating some risky attacks, so use this wisely. But connecting to an IRC server will not allow remote administration of your machine or any other risks to your system: it will only control your LOIC client. This method was used to collect more people in the DDOS attack against Visa, Mastercard, and other financial organizations that supported Wikileaks. (The attack was called "Operation Payback.")

In this way, thousands of systems attack a single website to make a real impact. The more people that joined the attack via IRC, the more powerful the attack became.

To start LOIC in HIVEMIND mode, run this command in the command prompt:

LOIC.exe /hivemind irc.server.address

After running the above command, your LOIC client will connect to irc://irc.server.address:6667/loic

You can also set more parameters in the command to use the tool in a better fashion. Use port and channel too with the command.

LOIC.exe /hivemind irc.server.address 1234 #secret

It will connect to irc://irc.server.address:1234/secret

Hidden mode

You can also run your LOIC in hidden mode while using it in HIVEMIND. Running in hidden mode means LOIC will run without any visible GUI on your Windows system. Just add /HIDDEN in your command.

LOIC.exe /hidden /hivemind irc.server.address

It will connect the LOIC client to irc://irc.server.address:6667/loic without any visible GUI on Windows.

Web-based LOIC (JS LOIC)

This version of LOIC was released on 9th December, 2010. This web-based tool runs only on JavaScript-enabled web browsers. In JS LOIC, JS stands for JavaScript. This version of LOIC sends an ID and message with lots of connections with each ID and message. This is easier to use than the desktop version. Just visit the web page with a single HTML file and start the attack. The attack power of this version is the same as that of the desktop version.

Drawbacks of using LOIC

The main drawback of LOIC as a DOS attack tool is that it is very easy to find the attacker. This tool does not take any precautions to hide the IP address of the origin of the attack. Attacks generated by this tool are simple and expose the IP address of the attacker in each request packet sent to the victim server to flood the request queue. If you are thinking that we can use proxies to solve this problem, you are wrong. Attackers cannot use proxies in these attacks because your requests will hit the proxy server, not the target server. So you will not be able to launch a DOS attack on the server effectively while using a proxy. But some analysts say that this can be used with a proxy server if the proxy is robust enough. According to them, all your request packets will be forwarded to the server system by the proxy at the end.

How to prevent the attack of LOIC

LOIC is available for free to download and use, and can be used effectively with very little hacking experience. Anyone that wants to can attack a website with this tool.

As discussed above, the attack of this tool is simple and easy to identify. A well-configured firewall is enough to prevent the attack from being fully effective. And a server administrator can look at the request logs to identify the IP and block the IP from the server. Every website owner or server administrator should monitor the traffic and all the activities being performed on the server. This can help well enough against the attack. But this will not help you when a network of LOIC clients fires on the server system all at once. Protecting the server with a firewall configured to filter the packets sent by the LOIC is the best way to protect against the attack.
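The log review described above can be automated. The following is an added example, not code from the original article: it counts requests per client IP in a sliding window and also flags paths that many clients hit at once, the case where per-IP counting alone fails. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/Combined Log Format: client IP, [timestamp], "METHOD target ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, path without query string) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), target.split("?")[0]

def find_flooders(lines, window_s=10, per_ip_limit=20, per_path_limit=60):
    """Return (block, hot) for time-ordered lines; thresholds are assumed values.
    block: IPs over per_ip_limit per window. hot: {path: IPs} over per_path_limit."""
    window = timedelta(seconds=window_s)
    by_ip, by_path = defaultdict(deque), defaultdict(deque)
    block, hot = set(), defaultdict(set)
    for ip, ts, path in filter(None, map(parse, lines)):
        q = by_ip[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop hits older than the window
            q.popleft()
        if len(q) > per_ip_limit:      # one loud client: candidate for an IP block
            block.add(ip)
        p = by_path[path]
        p.append((ts, ip))
        while ts - p[0][0] > window:
            p.popleft()
        if len(p) > per_path_limit:    # many quiet clients on the same path
            hot[path].update(src for _, src in p)
    return block, dict(hot)

def sample_log():
    """Constructed sample (documentation-range IPs), not real traffic."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    ev = [(0, "198.51.100.20", "/index.html"), (4, "198.51.100.20", "/about.html")]
    ev += [(i // 10, "203.0.113.7", f"/?n={i}") for i in range(50)]
    ev += [(20 + i % 5, f"192.0.2.{i % 40 + 1}", "/search") for i in range(200)]
    ev.sort(key=lambda e: e[0])
    return ['{} - - [{}] "GET {} HTTP/1.1" 200 512'.format(
        ip, (base + timedelta(seconds=s)).strftime(TS_FMT), path) for s, ip, path in ev]

if __name__ == "__main__":
    print(find_flooders(sample_log()))
```

On the constructed sample, the single loud client lands in the block set, while the 40 clients that each stay under the per-IP limit show up only through the per-path count.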

Conclusion

In the past few months, this tool was downloaded millions of times and used against some big websites such as Mastercard, Visa, and PayPal to support Wikileaks. The group known as Anonymous used this tool to attack these websites, but it was not traceable. A lot of people joined the team with the IRC network, so no one knows who the real persons behind the group were, inside such a large network of systems used in the attacks.

Use of this tool means sending someone threatening messages with your address and phone number. You will be easily caught. In some countries, a DOS attack is not illegal. You can use this tool as an individual, but this tool is not going to help you if you use it with your system alone. You will need a network of systems to join your attack. This tool is easy to use and see the demonstration of a DOS attack. But try it at your own risk.

This tool is available for free on the internet so any person can download it and create a problem for any website. Although catching the attacker is easy, protection against such an attack is relatively easy to achieve. I suggest each company and server administrator make certain that their firewall is configured to protect from the attack generated by LOIC.


Source: https://resources.infosecinstitute.com/topic/loic-dos-attacking-tool/
