I am sure you have heard numerous news articles telling about websites and servers that suffer from DDOS attacks. Today we will review one such tool called LOIC (Low orbit ion cannon). Now before we start out the review, make sure you understand the basics of DDOS attacks and how they work.
What is a DOS attack?
A Denial-of-Service, also is known as DoS attack, is a malicious attack method meant to shut down a machine or network. The goal is to make the server or service inaccessible to its intended users. In a DoS attack, the hacker floods the target with traffic or sending requests that trigger a crash of the service or website. In the end, the DoS attack blocks legitimate users (i.e.clients, employees, members, or account holders) from using the service or accessing the server.
What is a DDOS attack?
A distributed denial of service attack popularly known as a DDOS attack is the same as a dos attack with one key difference. Instead of a single system, thousands of systems are used to DOS a website or a server. Since the traffic grows to the extent, servers cannot keep up. The websites and servers start crashing. This is one of the most popular attacks which happens with companies almost every day.
Types of DOS attacks
There are two main methods of DoS attacks:
- Flooding services. (Overloading the services with too much traffic)
- Crashing services. (Sending Malicious packets to cause errors and buffer overflows)
Flooding attacks occur when the server or service receives too much traffic and the server or service crashes. Most popular attacks are as follows:
- Buffer overflow attacks – The trick here is to send more traffic to a server or service than the server capacity to handle. The type of specific requests will change from service to service since the goal is to target the highest resource-consuming services. Causing server overload.
- ICMP flood – This method uses misconfigured network devices to send spoofed data packets that ping every computer on the target network. This increases the load on the network, and when more and more traffic is sent, the network becomes unusable. This attack is popularly known as the smurf attack or ping of death.
- SYN flood – In this attack, the hacker keeps sending a request to connect to the server, but never actually completes the four-way handshake. By increasing the frequency, the legitimate clients are unable to connect, leading to a DOS attack.
So What is the Low Orbit Ion Cannon (LOIC)?
Now I know what you are thing what does a low orbit ion cannon have anything to do with DDOS attacks. Well, the irony is that the creator had a sense of humor, and he decided to name this tool as LOIC. And no, this is not an actual cannon. It’s an automated DDOS tool that can help you test DDOS attacks on websites and servers.
It was developed by Praetox Technology as a network stress-testing application, but later it was abanded and became an open-source tool. It became famous when members of hacktivist group Anonymous, as well as users of the 4Chan forums, started using it for DDOS attacks.
Anonymous group in 2008 used this tool to attack the Church of Scientology websites in response to the Church’s legal efforts to take down YouTube videos of popular scandals and leaks. The LOIC was also used in 2010 by WikiLeaks supporters who went after the Visa and MasterCard websites because they stopped all payments to WikiLeaks.
Steps to do a Dos attack with LOIC
Step 1: Downloading LOIC ( low orbit ion cannon)
Download Loic from sourceforge.net. You will get warnings from antivirus saying that it is a malicious tool etc. Reason being that it is a DDOS tool. Obviously, you will get errors. Extract the zip file. And run the software.
Step 2: Run LOIC
You will see the below menu, which shows all the options for DDoS attack.
Step 3: Setting Up and Starting DDOS attack
There are many options that you can configure with LOIC. You can select an IP or a URL as the target.
You can select the type of data you want to send along with the message:
You can also configure the port as well as the number of threads. As well as the speed of the DDOS attack
Once you have configured everything, click on the following button:
IMMA CHARGIN MAH LAZER (I’m charging my laser)
Now you can see the status of the attack in the status section:
How does the LOIC work?
As you can see from the above demo, the tool works by flooding the target server with TCP, UDP, or HTTP packets with the goal of overloading the service. One hacker using the LOIC cannot generate enough traffic to make a serious impact on a target; However, some hackers use botnets collected by phishing and malware attacks to do the same type of attack, which requires thousands of devices to coordinate a simultaneous attack on the same target resulting in a large DDOS attack.
Commonly asked questions about LOIC and DDOS attacks?
Q1. Is this tool a virus?
No. It a DDOS tool, so many antiviruses report it as a virus for obvious reasons.
Q2. Can I test it on any website?
No. Do not test it on any website. If you make your own website, then you can test it on that. But using it anywhere else is illegal and can get you in trouble with the authorities.
Q3. Has anyone been arrested for using this tool on websites?
Yes, many people actually. Just google for more information.
I hope you liked my article on DDOS attacks with LOIC. Keep supporting the website. Happy Hacking.