What is a LOIC, or Low Orbit Ion Cannon?
An open weapon, the Low Orbit Ion Cannon -source application developed by Praetox Technologies that is widely available and used for denial of service (DDoS) and network stress testing.The application's JavaScript version, JS LOIC, and the web-based Low Orbit Web Cannon have also been made available.
LOIC is used by DDoS perpetrators to send spam TCP, UDP, and HTTP GET requests to target systems.However, a single LOIC user cannot produce sufficient requests to have a significant impact on a target.Thousands of users must coordinate and simultaneously direct traffic to the same network in order for an attack to succeed.
Several well-known DDoS attacks have utilized LOIC, including:
Project Chanology was launched in 2008 and aimed at the Church of Scientology for violating YouTube's copyright in an effort to have one of its videos taken down.
Operation Payback was a massive 2010 campaign that focused on organizations that fight piracy, PayPal, Visa, MasterCard, Sony, and the PlayStation network.
A mode known as HIVEMIND was present in the LOIC version utilized in the aforementioned attacks.It hijacked user-generated junk traffic using internet relay chat servers, allowing individual criminals to establish a botnet and carry out attacks without prior coordination.
Description of the attack To use LOIC, the perpetrator simply launches the application, types in the URL or IP of the target, and then chooses whether to launch a TCP, UDP, or HTTP flood.The HTTP flood mode sends an endless stream of GET requests, whereas the TCP and UDP modes send message strings and packets to specific target ports.
LOIC initiates multiple connection requests for a target server when it is launched.After that, it sends a never-ending stream of messages until the server is overloaded to the point where it cannot respond to legitimate requests.
The application interface for LOIC
Due to the widespread availability of LOIC, it is simple for criminals to recruit other users to carry out a coordinated attack.Additionally, its simplicity makes it possible for anyone, regardless of experience or knowledge, to carry out potentially devastating DDoS attacks.
However, LOIC users are unable to use proxies to send attack traffic.As a result, a target can easily trace them because their IP addresses are completely visible.
Methods of mitigation
Basic network traffic monitors and firewalls can be used to identify and block small-scale LOIC attacks. However, a coordinated attack that can only be stopped by a specialized security solution can overwhelm these defenses.
Imperva Website Protection analyzes incoming HTTP/S traffic with a distinctive client classification engine. The WAF transparently identifies malicious traffic from LOIC TCP and HTTP floods, among other attack vectors.
UDP attacks, on the other hand, can be mitigated with Imperva DDoS protection.Through deep packet inspection, this solution balances an attack load across a global network of scrubbing servers that use Anycast technology to identify and filter malicious packets.In order to ensure that only legitimate traffic reaches the server, this edge-weeds out illegitimate packets.
