It's hard to believe that it took eight people to run Wireshark and write this simplistic paper about LOIC. The analysis is weak at best (it seems they only had a few days to study the problem), and never analyzes the source code, which has been widely available at https://github.com/NewEraCracker/LOIC.

A cursory analysis of HTTPFlooder.cs would give you all you need to know to understand the attack and block the tool. If you find your network attacked by this tool, you'll immediately discover a large volume of HTTP requests with no User-Agent or Accept: headers. Drop those requests at the border. You can also compile requests of that nature to analyze the size of the swarm that is attacking you. In analysis, I've found this to be on the order of 2000-3000 hosts. It's a decently sized ACL to place on your ingress routers, but these attacks can be thwarted.

-j

On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Regards
Marshall
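
The filter described in the reply above (requests carrying neither a User-Agent nor an Accept header, tallied by source address to size the swarm), as an added Python example that is not part of the original thread. The sample requests and addresses are constructed, and the `min_hits` threshold is an assumption added here so that a single odd request does not put a host on the block list.

```python
from collections import Counter

def parse_headers(raw: str) -> dict:
    """Map lower-cased header names to values for one raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def is_suspect(raw: str) -> bool:
    """True when the request has neither a User-Agent nor an Accept header."""
    h = parse_headers(raw)
    return "user-agent" not in h and "accept" not in h

def swarm(captured, min_hits=1):
    """Tally suspect requests per source; keep sources with >= min_hits."""
    hits = Counter(src for src, raw in captured if is_suspect(raw))
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# Constructed sample capture: (source IP, raw request). Addresses come from
# the documentation ranges; the requests are hand-written, not tool output.
BARE = "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BROWSER = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n"
           "User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n")
LOWERCASE = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n"
             "user-agent: curl/7.21\r\naccept: */*\r\n\r\n")
SAMPLE = [
    ("192.0.2.10", BARE), ("192.0.2.10", BARE), ("192.0.2.10", BARE),
    ("198.51.100.7", BARE), ("198.51.100.7", BARE),
    ("203.0.113.5", BROWSER),
    ("203.0.113.9", LOWERCASE),   # header names are case-insensitive
    ("203.0.113.5", BARE),        # one bare request from a normal client
]

if __name__ == "__main__":
    sources = swarm(SAMPLE, min_hits=2)
    print(f"{len(sources)} sources at or above threshold")
    for ip in sorted(sources):
        print(f"{ip}\t{sources[ip]} bare requests")
```
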