The DOS (Denial of service) attack is
one of the more powerful hacks, capable of completely taking a server
down. In this way, the server will not be able to handle the requests of
valid users. With a DOS attack, many computer systems connected to the
internet will try to flood a server with false requests, leading to a
service disruption. There are many ways in which an attacker can enact
this attack on a server system over the network or the internet. Some
hackers try this attack with their own coded tools while others use
previously available tools.
A LOIC (Low Orbit Ion Cannon) is one of
the most powerful DOS attacking tools freely available. If you follow
news related to hacking and security issues, you doubtless have been
hearing about this tool for the past several months. It has become
widely used, including in some highly-publicized attacks against the
PayPal, Mastercard and Visa servers a few months back. This tool was
also the weapon of choice implemented by the (in)famous hacker group,
Anonymous, who have claimed responsibility for many high profile hacking
attacks, among them, hacks against Sony, the FBI and other US security
agencies. The group not only used this tool, but also requested that
others download it and join Anonymous attacks via IRC.
In this brief article, I will give an
overview and operational model of the tool. There are 2 versions of the
tool: the first is the binary version, which is the original LOIC tool.
The other is web-based LOIC or JS LOIC.
Figure 1: Original LOIC
About The Original LOIC Tool:
The LOIC was originally developed by
Praetox Technologies as a stress testing application before becoming
available within the public domain. The tool is able to perform a simple
dos attack by sending a large sequence of UDP, TCP or HTTP requests to
the target server. It’s a very easy tool to use, even by those lacking
any basic knowledge of hacking. The only thing a user needs to know for
using the tool is the URL of the target. A would-be hacker need only
then select some easy options (address of target system and method of
attack) and click a button to start the attack.
The tool takes the URL of the target
server on which you want to perform the attack. You can also enter the
IP address of the target system. The IP address of the target is used in
place of an internal local network where DNS is not being used. The
tool has three chief methods of attack: TCP, UDP and HTTP. You can
select the method of attack on the target server. Some other options
include timeout, TCP/UDP message, Port and threads. See the basic screen
of the tool in the snapshot above in Figure 1.
The LOIC version used by Anonymous group
attacks was different than the original LOIC. It had an option to
connect the client to the IRC (Internet Relay Chat). This allowed the
tool to be remotely controlled, using the IRC protocol. In that case,
the user machine became part of a botnet. A botnet is a system of
compromised computer systems connected to each other via the internet,
which are in turn controlled by the attacker who directs the malware
toward his / her target. The bigger the botnet, the more powerful the
attack is.
Figure 2: Modified version of LOIC with an option for IRC connect
Type of attacks: As I’d
mentioned previously, the LOIC uses three different types of attacks
(TCP, UDP and HTTP). All three methods implement the same mechanism of
attack. The tool opens multiple connections to the target server and
sends a continuous sequence of messages which can be defined from the
TCP/UDP message parameter option available on the tool. In the TCP and
UDP attacks, the string is sent as a plain text but in the HTTP attack,
it is included in the contents of a HTTP GET message.
This tool continues sending requests to
the target server; after some time, the target server becomes
overloaded. In this way, the target server will no longer be able to
respond to requests from legitimate users, effectively shutting it down.
Analysis of the attack:
UDP Attack: To perform
the UDP attack, select the method of attack as UDP. It has port 80 as
the default option selected, but you can change this according to your
need. Change the message string or leave it as the default.
TCP Attack: This method is similar to UDP attack. Select the type of attack as TCP to use this.
HTTP Attack: In this
attack, the tool sends HTTP requests to the target server. A web
application firewall can detect this type of attack easily.
How to use LOIC to perform a Dos attack: Just follow these simple steps to enact a DOS attack against a website (but do so at your own risk).
- Step 1: Run the tool.
- Step 2: Enter
the URL of the website in The URL field and click on Lock O. Then,
select attack method (TCP, UDP or HTTP). I will recommend TCP to start.
These 2 options are necessary to start the attack.
Figure3: LOIC in action (I painted the URL and IP white to hide the identity of the victim in snap)
- Step 3: Change
other parameters per your choice or leave it to the default. Now click
on the Big Button labeled as “IMMA CHARGIN MAH LAZER.” You have just
mounted an attack on the target.
After starting the attack you will see
some numbers in the Attack status fields. When the requested number
stops increasing, restart the LOIC or change the IP. You can also give
the UDP attack a try. Users can also set the speed of the attack by the
slider. It is set to faster as default but you can slow down it with the
slider. I don’t think anyone is going to slow down the attack.
Here’s the meaning of each field:
- IDLE: It shows the number of threads idle. It should be zero for higher efficiency of the attack.
- Connecting: This shows the number of threads that are trying to connect to the victim server.
- Requesting: This shows the number of threads that are requesting some information from the victim server.
- Downloading: This shows the number of threads that are initiating some download for some information from the server.
- Downloaded: This number shows how many times data downloading has been initiated from victim server on which you are attacking.
- Requested: This number shows how many times a data download has been requested from victim server.
- Failed: This
number shows how many times the server did not respond to the request. A
larger number in this field means the server is going down. The success
of the attack can be measured by the number shown in this field.
LOIC in HIVEMIND: The
windows version of LOIC has a feature called HIVEMIND. With this, users
can connect their client to an IRC server. In this way, it can be
controlled remotely, thus facilitating some risky attacks, so use this
wisely. But connecting to an IRC server will not allow a remote
administration of your machine or any other risks to your system: it
will only control your LOIC client. This method was used to collect more
people in the DDOS attack against Visa, Mastercard, and other financial
organizations that supported Wikileaks. (The attack was called
“Operation Pay-back.”)
In this mode, thousands of system
attacks on a single website to made a real impact. The more people that
joined the attack via IRC, the more powerful the attack became.
To start LOIC in HIVEMIND mode, run this command in the command prompt:
LOIC.exe /hivemind irc.server.address
After running the above command, your LOIC client will connect to irc://irc.server.adress:6667/loic
You can also set more parameters in the command to use the tool in better way. Use port and channel too with the command.
LOIC.exe /hivemind irc.server.address 1234 #secret
It will connect to irc://irc.server.adress:1234/secret
HIDDEN MODE: You can
also run your LOIC in hidden mode while using it in HIVEMIND. Running in
hidden mode means LOIC will run without any visible GUI at your windows
system. Just add /HIDDDEN in your command.
LOIC.exe /hidden /hivemind irc.server.address
It will connect LOIC client to irc://irc.server.adress:6667/loic without any visible GUI on windows.
Web-based LOIC (JS LOIC): This version of LOIC was released on 9th
December, 2010. This web- based tool runs only on JavaScript-enabled
web browsers. In JS LOIC, JS stands for JavaScript This version of LOIC
sends an ID and message with lots of connections with each ID and
message. This is easier to use than the desktop version. Just visit the
web page with a single HTML file and start the attack. The attack power
of this version is same as from the desktop.
Drawbacks of using LOIC: The
main drawback of LOIC as a DOS attack tool is that it is very easy to
find the attacker. This tool does not take any precautions to hide IP
address of the origin of the attack. Attacks generated by this tool are
simple and expose the IP address of attacker in each request packet sent
to victim server to flood the request queue. If you are thinking that
we can use proxies to solve this problem, you are wrong. Attackers
cannot use proxies in these attacks because your requests will hit the
proxy server, not the target server. So you will not be able to launch a
DOS attack on the server effectively while using a proxy. But some
analysts say that this can be used with a proxy server if the proxy is
robust enough. According to them, all your request packets will be
forwarded to the server system by proxy at the end.
How to prevent the attack of LOIC: LOIC
is available for free to download and use, and can be used effectively
with very little hacking experience. Anyone that wants to can attack a
website with this tool.
As discussed above, the attack of this
tool is simple and easy to identify. A well-configured firewall is
enough to prevent the attack from being fully effective. And a server
administrator can see the request logs to identify the IP and block the
IP from the server. Every website owner or server administrators should
monitor the traffic and all the activities being performed on the
server. This can help well enough against the attack. But this will not
help you when a network of LOIC clients will fire on the server system
all at once. Protecting the server with a Firewall configured to filter
the packets sent by the LOIC is the best way to protect against the
attack.
Conclusion: In past few
months, this tool was downloaded millions of times and used against
some big websites such as Mastercard, Visa, and PayPal to support
Wikileaks. The group known as Anonymous used this tool to attack these
websites, but it was not traceable. A lot of people joined the team with
the IRC network, so no one knows who the real persons behind the group
were, within such a large network of systems used in the attacks.
Use of this tool means sending some one
threatening messages with your address and phone number. You will be
easily caught. In some countries, a DOS attack is not illegal. You can
use this tool as an individual, but this tool is not going to help you
if you will use it with your system alone. You will need a network of
systems to join your attack. This tool is easy to use and see the
demonstration of DOS attack. But try it on your own risk.
This tool is available for free on the
internet so any person can download it and create a problem for any
website. Although catching the attacker is easy, protection against such
an attack is relatively easy to achieve. I suggest each company and
server administrator make sure that their firewall is configured to
protect from the attack generated by LOIC.
Hi. I'm Dhirendra The Admin of this Blog I'm A Certified Ethical Hacker also a Web Developer With Programming Skills in various Programming Languages.
0 comments:
Post a Comment