Discover how the LOIC tool is used to deliver denial of service attacks. This video will also cover its use on ISC and in HiveMind mode.
- [Voiceover] Let's take a look at the Low Orbit Ion Cannon, or LOIC. LOIC is used to generate a massive amount of network traffic in order to consume bandwidth and exhaust network or application resources. Such a high rate of traffic results in performance degradation and potentially a loss of service. A user armed with LOIC can perform Denial of Service against a target site by flooding its server with illegitimate TCP, UDP, or HTTP packets. On its own, one computer running LOIC can't generate enough TCP or UDP traffic at once to overwhelm the average server.
It takes thousands of computers, all targeting a single server, to have any real impact: a distributed denial of service by coordinating many individual attacks. Consequently, LOIC has become notorious due to some highly publicized attacks against Sony, PayPal, MasterCard, and Visa. It was at one stage the weapon of choice for the hacker group Anonymous. LOIC is now a legitimate testing tool, widely used by testers and network administrators, and as such it makes no attempt to spoof its IP address.
As a consequence, there have been a number of arrests for using it maliciously. Being able to demonstrate resilience against this tool is important as this is still a tool that can be used in anger. You can download this tool from the SourceForge page. This comes as a zip file inside which is the executable. Note that the tool is sometimes flagged as a malicious program. This is usually a false alarm triggered by the tool itself. I've got this loaded already on my Windows 7 system, so let's start it.
LOIC has a very simple interface. To use it, we'll enter the IP address of my external Windows 10 system and press the associated Lock on button. I'll also select UDP from the Method drop-down box in the Attack Options panel. This will do a UDP flood. I can leave all the other options as default. I'm using VNC to remotely access the Windows 10 system. I've already got its performance monitor up, and we can use this to monitor the load on the target.
OK, back at LOIC, I can now start the attack using the amusingly called "Imma Chargin Mah Lazer" button. We can see the number of packets being generated in the bottom panel. Let's go and look at the Windows 10 system. As we can see, the VNC access to the Windows 10 system has been compromised, and we can't see what's happening on the server. This is due to the bandwidth being consumed by the LOIC's packet stream. OK, I'll stop the flooding now. OK, VNC access is returned, and we can see the performance monitor on the move again.
We can see from the attacks we were causing the CPU to increase to about 15% utilization. But the real problem was the network bandwidth, which compromised our access. Even a script kiddie can launch a noticeable attack from their home computer. In a really malicious and professional attack, however, a victim could expect thousands of attack sources to be operating concurrently. And with these attacks delivering upward of 50 gigabits per second in traffic, the victim has a real problem.
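The transcript notes that the tool does not spoof its source address and that a single host differs from thousands of coordinated ones. As an added example (not part of the video or the course), the sketch below classifies UDP floods per destination from flow records and separates a single dominant source, which can be blocked by address, from a distributed flood that needs upstream mitigation. The record layout, thresholds and addresses are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (second, src_ip, dst_ip, proto, packets)."""
    flows = [(s, "198.51.100.7", "192.0.2.10", "udp", 40) for s in range(3)]
    # Seconds 1-2: one unspoofed host floods 192.0.2.10.
    flows += [(s, "203.0.113.5", "192.0.2.10", "udp", 9000) for s in (1, 2)]
    # Second 2: 200 hosts each send a modest rate to 192.0.2.20.
    flows += [(2, f"198.51.100.{i}", "192.0.2.20", "udp", 50)
              for i in range(1, 201)]
    return flows

def classify_floods(flows, pps_limit=5000, dominant_share=0.8):
    """Return (second, dst, kind, n_sources, top_src) for each one-second
    window in which UDP packets to one destination exceed pps_limit.
    pps_limit and dominant_share are assumed values to tune per network."""
    windows = defaultdict(lambda: defaultdict(int))
    for second, src, dst, proto, packets in flows:
        if proto == "udp":
            windows[(second, dst)][src] += packets

    findings = []
    for (second, dst), by_src in sorted(windows.items()):
        total = sum(by_src.values())
        if total <= pps_limit:
            continue  # normal load for this destination
        top_src, top_pkts = max(by_src.items(), key=lambda kv: kv[1])
        # One sender carrying most of the load: a per-address block works.
        # Load spread over many senders: rate-limit or scrub upstream.
        kind = ("single-source" if top_pkts / total >= dominant_share
                else "distributed")
        findings.append((second, dst, kind, len(by_src), top_src))
    return findings

if __name__ == "__main__":
    for finding in classify_floods(make_sample()):
        print(finding)
```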
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. This course maps to the 09 Denial of Service domain.
- What is denial of service?
- SYN flooding
- Smurf and URL flooding
- Deauthenticating a wireless host
- Flooding HTTP
- Using BlackEnergy
- Flooding SIP
- Detecting DoS with PeerShark
- Defeating DoS attacks