DDoSPedia

  • This glossary focuses on network and application security terms, with many DDoS-related definitions: a "DDoS-pedia". Its goal is to provide a central place for hard-to-find definitions on this topic that are otherwise scattered across the web.

     


    Mobile LOIC

    Mobile LOIC is the online web version of LOIC. It is a JavaScript-based HTTP DoS tool that is delivered within an HTML page, has very few options and is limited to conducting HTTP floods. Unlike its PC counterpart, Mobile LOIC does not support more complex options, such as randomization of URLs and remote control by IRC botnets (“the Hive”).

    Mobile LOIC is flexible because it can run on various browsers and be accessed remotely. Typically, attack organizers post a URL for the website hosting the page and invite others to use the tool to attack the specified target. Since only a web browser is required, an attacker can use a smartphone to generate an attack.

    Offering extremely simple operation, Mobile LOIC has only three configuration parameters:

    • Target URL - the URL of the attacked target. Must start with http://
    • Requests per second - the number of desired requests to be sent per second
    • Append message - the content for the message parameter to be sent within the URL of HTTP requests

    The tool consists of a simple 100 lines of code that execute web requests in a loop. It is possible to append text with an appropriately revolutionary message.


    Recently, a new variant of the Mobile LOIC was detected, which incorporates several techniques to bypass detection and provide greater redundancy. These include:

    • A JavaScript method that blocks left mouse clicks in order to prevent users from viewing the page source code.
    • Obfuscation of all JavaScript methods contained in and referenced on the page, which may keep security researchers from quickly and fully investigating the tool and its capabilities.
    • Removal of a message field that existed in the original version and had its value included in the attack packets themselves. This is most likely an attempt to avoid signature-based protections.
    • Links from each attack page to up to 4 mirror attack pages hosted on other servers, in order to quickly refer users onward and allow the attack campaign to continue even if one or more of the Mobile LOIC nodes are taken down.
    • Additionally, several “cosmetic” functionalities were added, such as listing the number of current attackers using the tool and reflecting the current client IP detected by the tool, which may prove useful when trying to avoid conducting attacks from an attacker's real IP address.
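
The removal of the message field matters to defenders because a signature on the repeated message no longer matches, while a per-client request-rate check still does. The following is an added example, not part of the original glossary entry, that runs both checks over constructed access-log lines; the combined log format, the parameter name `msg` and the threshold of 20 requests per second are assumptions to adapt per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined-log prefix: client IP, timestamp (1-second resolution), method, URL.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def _line(ip, sec, url):
    return f'{ip} - - [10/Oct/2024:12:00:{sec:02d} +0000] "GET {url} HTTP/1.1" 200 512'

# Constructed sample traffic (documentation IP ranges), not captured data.
SAMPLE_LOG = (
    [_line("198.51.100.7", 1, "/?msg=EXAMPLE") for _ in range(30)]  # message in URL
    + [_line("203.0.113.9", 2, "/") for _ in range(30)]             # no message field
    + [_line("192.0.2.10", s, "/index.html") for s in range(5)]     # ordinary visitor
)

def detect_http_flood(lines, rate_limit=20, msg_param="msg"):
    """Return {client_ip: set of reasons}; reasons are 'rate' and/or 'signature'.

    rate_limit and msg_param are assumed values to tune per site.
    """
    per_second = defaultdict(int)                     # (ip, timestamp) -> requests
    messages = defaultdict(lambda: defaultdict(int))  # ip -> message value -> count
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, url = m.groups()
        per_second[(ip, ts)] += 1
        for value in parse_qs(urlsplit(url).query).get(msg_param, []):
            messages[ip][value] += 1

    findings = defaultdict(set)
    for (ip, _ts), count in per_second.items():
        if count > rate_limit:  # behavioural check: works with or without a message
            findings[ip].add("rate")
    for ip, values in messages.items():
        if max(values.values()) > rate_limit:  # same message repeated: signature check
            findings[ip].add("signature")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in sorted(detect_http_flood(SAMPLE_LOG).items()):
        print(ip, sorted(reasons))
```

On the sample, the client sending the message parameter trips both checks, the client without it trips only the rate check, and the ordinary visitor is not flagged.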