DDoSPedia

  • This glossary focuses on network and application security terms with many DDoS-related definitions, a "DDoS-pedia" – its goal is to provide a central place for hard to find web-scattered definitions on this topic.

     

  • DDoSpedia

    LOIC (Low Orbit Ion Cannon)

    Low Orbit Ion Cannon (LOIC) was originally developed by Praetox Technologies as an open-source network stress testing tool. It allowed developers to subject their servers to heavy network traffic loads for diagnostic purposes, but it has since been modified in the public domain through various updates and been widely used by Anonymous as a DDoS tool.

    LOIC (which runs on both Microsoft Windows and Mac OS X) is a flooding tool used to generate a massive amount of network traffic in order to utilize network or application resources. Such a high rate of traffic results in performance degradation and potentially a loss of service. A user armed with LOIC can perform a denial-of-service (DoS) attack on a target site by flooding its server with illegitimate TCP, UDP, or HTTP packets. On its own, one computer running LOIC cannot generate enough TCP, UDP, or HTTP requests at once to overwhelm the average web server. It takes thousands of computers all targeting a single server to have any real impact.

    The IRC-based “Hive Mind” mode enables a LOIC user to connect his or her copy of LOIC to an IRC channel in order to receive a target and other attack parameters via an IRC topic message. Using many copies of LOIC running in Hive Mind mode across many computers, a third party such as the “hacktivist” group Anonymous can take control of each copy of LOIC simultaneously. With thousands of copies of LOIC attacking a single target, the effect on network performance can be much more significant than that of a “normal” coordinated LOIC attack. Hive Mind mode effectively lets anyone with a computer participate in a distributed denial-of-service attack, as LOIC requires very little computer literacy to operate.

    LOIC has been used in several well-known attacks against large organizations including but not limited to Anonymous’ Project Chanology, Operation Payback, and OpSony. Over 30,000 downloads of LOIC were recorded between the 8th and 10th of December 2010 when Anonymous organized attacks on the websites of companies and organizations that opposed Wikileaks. Since LOIC was utilized by a vast number of attackers in conjunction with a few advanced users employing their large botnets to launch additional DDoS attacks, many of the targeted sites suffered outages.

    While LOIC is simple and effective, it does not make any attempt to spoof its users’ IP addresses, and most volunteers running LOIC are unaware of this lack of anonymity. If any form of non-anonymous attack is not routed through an anonymizer such as Tor, I2P, or some form of proxy server, the attacker’s IP address can be logged by his or her target. An ISP can then use a list of logged attacking IP addresses to identify the individuals participating in an attack, allowing for the proper law enforcement actions to be taken against them.

    Several countries including the United States have taken legal actions against LOIC attackers based on the IP information. On January 27, 2011, five people were arrested in the UK in connection with the Operation Payback attacks, while in June 2011 another three LOIC users were arrested in Spain for their involvement in other attacks. On June 14 2011, Turkish police arrested 32 individuals who allegedly attacked government websites in protest against the introduction of state level web filtering; these individuals are thought to be members of Anonymous that used the LOIC tool as a means of protest. As a result of various arrests, LOIC’s popularity began to decline towards the end of 2011.