LOIC tool used in the "Anonymous" attacks
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Regards Marshall
Interesting.. there's an ED about LOIC http://encyclopediadramatica.com/LOIC
it even gives an instruction on how to deny the use of the tool: (funny)

What if I get caught and V&d?
You probably won't. It's recommended that attack with over 9000 other anons while attacking alone pretty much means doing nothing. If you are a complete idiot and LOIC a small server alone, there is a chance of getting V&. No one will bother let alone have the resources to deal with DDoS attacks that happens every minute around the world. Then there's always the botnet excuse. Just say your pc was infected by a botnet and you have since ran antivirus programs and what not to try to get rid of it. Or just say you have NFI what a DDoS is at all.
PROTIP: If you do get V&: ALWAYS deny it, Explain it was botnet, Say you have dynamic IP and that they have the wrong guy. Also, epic lolz will be achieved because you are a fag.
DDOS ONLY IN GROUPS

On Sat, Dec 11, 2010 at 9:19 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Regards Marshall
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
-----Original Message-----
From: Marshall Eubanks [mailto:tme@multicasttech.com]
Sent: Saturday, December 11, 2010 10:20 AM
To: North American Network Operators Group
Subject: LOIC tool used in the "Anonymous" attacks
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
IMO, LOIC is a very unsophisticated tool. There are methods the attackers could have used to obfuscate their IP (while still employing a complete TCP 3-way handshake) if they were a bit more knowledgeable. Although it's equivalent to a sophomore year CS project, it has the benefit of being "easy to use" and so lowers the barrier to entry for would-be script kiddies looking for a fun afternoon. There is also evidence of its use in the wild outside of "the hive".
I think the skill level of these guys is clearly evidenced by one of the members who forgot to remove the metadata from their most recent "press release".
Stefan
It's hard to believe that it took eight people to run wireshark and write this simplistic paper about LOIC. The analysis is weak at best (it seems they only had a few days to study the problem), and never analyzes the source code, which has been widely available at https://github.com/NewEraCracker/LOIC
A cursory analysis of HTTPFlooder.cs would give you all you need to know to understand the attack and block the tool. If you find your network attacked by this tool, you'll immediately discover a large volume of HTTP requests with no User-Agent or Accept: headers. Drop those requests at the border.
You can also compile requests of that nature to analyze the size of the swarm that is attacking you. In analysis, I've found this to be on the order of 2000-3000 hosts. It's a decently sized ACL to place on your ingress routers, but these attacks can be thwarted.
-j

On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Regards Marshall
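
The check described in the message above, as an added example that is not part of the original thread: it flags HTTP requests carrying neither a User-Agent nor an Accept header, counts the distinct sources to size the swarm, and lists repeat sources as ACL candidates. The sample requests, the `min_hits` threshold and the Cisco-style `deny` output line are assumptions made for the illustration.

```python
from collections import Counter

# Constructed capture: (source IP, raw HTTP request head). Addresses are from
# the RFC 5737 documentation ranges; nothing here comes from a real incident.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "GET / HTTP/1.0\r\n\r\n"),
    ("192.0.2.10", "GET / HTTP/1.0\r\n\r\n"),
    ("192.0.2.10", "GET / HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.5", "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                    "User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n"),
    # Header names are case-insensitive; this client must not be flagged.
    ("203.0.113.9", "GET /feed HTTP/1.1\r\nHost: www.example.com\r\n"
                    "user-agent: FeedFetcher/1.0\r\n\r\n"),
    ("203.0.113.77", "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]

def header_names(raw_head):
    """Return the lower-cased header names of a raw HTTP request head."""
    lines = raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip request line
    return {l.split(":", 1)[0].strip().lower() for l in lines if ":" in l}

def is_suspect(raw_head):
    """True when the request carries neither User-Agent nor Accept."""
    names = header_names(raw_head)
    return "user-agent" not in names and "accept" not in names

def swarm_report(requests, min_hits=2):
    """Count suspect requests per source; sources with at least min_hits
    suspect requests become ACL candidates (min_hits is an assumed knob
    that keeps a single odd request from blocking a legitimate client)."""
    hits = Counter(ip for ip, head in requests if is_suspect(head))
    acl = sorted(ip for ip, n in hits.items() if n >= min_hits)
    return hits, acl

if __name__ == "__main__":
    hits, acl = swarm_report(SAMPLE_REQUESTS)
    print(f"distinct suspect sources: {len(hits)}")
    for ip in acl:
        print(f"deny ip host {ip} any")
```
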
In a message written on Sat, Dec 11, 2010 at 10:19:32AM -0500, Marshall Eubanks wrote:
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Perhaps the authors of the tool would rather keep the finite law enforcement busy rounding up clueless highschool kids who install this tool.
In that sense it's both a network packet DDOS, and a law enforcement attacker DDOS. Brilliant in a way.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
On Dec 11, 2010, at 4:21 PM, Leo Bicknell wrote:
In a message written on Sat, Dec 11, 2010 at 10:19:32AM -0500, Marshall Eubanks wrote:
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
Perhaps the authors of the tool would rather keep the finite law enforcement busy rounding up clueless highschool kids who install this tool.
In that sense it's both a network packet DDOS, and a law enforcement attacker DDOS. Brilliant in a way.
Or maybe that's a feature, not a bug. False flag operations to ensnare the clueless have a long history of running code.
Regards Marshall
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
participants (6)
- Beavis
- John Adams
- Leo Bicknell
- Marshall Eubanks
- Marshall Eubanks
- Stefan Fouant