LOIC (Low Orbit Ion Cannon) DDoS/DoS Analysis

Submitted By Rodrigo Montoro

The LOIC tool has been in the news for quite some time now. Many still remember the attacks on Paypal, Mastercard, and Visa, which used this tool.

We've had the chance to analyze two versions of LOIC, which use four different approaches. These four approaches allow you to attack a website using both a standalone tool and a web-only version which utilizes JavaScript. More details about this tool can be found at:

This version of LOIC allows an individual to contribute to a "DDoS Attack" using JavaScript embedded in a webpage.

The following shows an example request generated by this tool:

    GET /app/?id=1292337572944&msg=BOOM%2520HEADSHOT! HTTP/1.1
    Host:
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive

For this version of LOIC, the following three items stand out:

Based on this information we created the following Snort rule:

    alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SLR - LOIC DoS ToolJS Version"; flow: established,to_server; uricontent:"id="; uricontent:"msg="; threshold: type threshold, track by_src, count 20, seconds 5; reference: url, ; classtype:misc-activity; sid:1234568; rev:1;)

Binary Version

The binary version of LOIC has three methods of attack, as you can see in the image below:

To use the UDP version, a user must select the UDP option as seen in the image shown above.

For UDP, the following two behaviors were noticed
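
The threshold logic of the Snort rule for the JavaScript version (requests carrying both id= and msg=, 20 from one source within 5 seconds) can also be run over web server access logs. The following is an added example, not part of the original analysis: it approximates the rule's "type threshold, track by_src" behaviour, and the Common Log Format input, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

COUNT, SECONDS = 20, 5  # from the rule: count 20, seconds 5, track by_src
# Common Log Format prefix: client address, timestamp, method, URI.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def is_loic_js_request(uri):
    """True when the query string has both an id and a msg parameter.
    Stricter than the rule's uricontent substring match (assumption)."""
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    return "id" in params and "msg" in params

def detect(lines, count=COUNT, seconds=SECONDS):
    """Return (source, time) each time a source reaches `count` matching
    requests inside one `seconds`-long interval."""
    window = timedelta(seconds=seconds)
    state, alerts = {}, []          # state: source -> (interval start, hits)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_loic_js_request(m.group(3)):
            continue
        src, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        start, hits = state.get(src, (ts, 0))
        if ts - start >= window:    # interval expired, open a new one
            start, hits = ts, 0
        hits += 1
        if hits == count:           # every count-th hit in the interval alerts
            alerts.append((src, ts))
            hits = 0
        state[src] = (start, hits)
    return alerts

def sample_log():
    """Constructed access log: one flooding source, one ordinary visitor."""
    t0 = datetime(2010, 12, 14, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" 200 512'
    lines = [row.format("192.0.2.10",
                        (t0 + timedelta(seconds=i // 10)).strftime(TS_FMT),
                        f"/app/?id={1292337572944 + i}&msg=BOOM%2520HEADSHOT!")
             for i in range(25)]    # 25 requests inside 3 seconds
    lines += [row.format("198.51.100.7",
                         (t0 + timedelta(seconds=10 * i)).strftime(TS_FMT),
                         "/app/?id=7&msg=hello")
              for i in range(3)]    # same parameters, far below the rate
    lines.append(row.format("198.51.100.7", t0.strftime(TS_FMT), "/index.html"))
    return lines
```

Calling detect(sample_log()) reports the flooding source once, at its twentieth matching request, and stays silent for the visitor who sends the same parameters at a normal rate.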