The LOIC is a very simple application. It sends a stream of TCP packets, UDP packets, or HTTP GET packets to a selected host ur URL. Attackers use it to flood the target with bogus network traffic so that it has no resources to serve legitimate requests. LOIC cannot use proxies, so the IP address of the user is clearly visible to the target (stored in logs).
A single person using LOIC has very little impact but the application may run in hivemind mode. In this mode, the attackers use an IRC (Internet Relay Chat) channel for coordination and create a voluntary botnet (one participant is the master and the rest are slaves). If a large number of users flood the target server, it may experience a denial of service.
The Low Orbit Ion Cannon is a very basic attack tool that uses the simplest techniques. However, it is also very easy to install and use. This means that hacktivist organizations have no problems with getting a large number of people to participate in such attacks. It was used in the past in denial of service attacks that the 4Chan hacktivism group Anonymous organized against such companies like Mastercard and Paypal (Operation Payback), as well as organizations such as the Church of Scientology.
What Can I Use to Protect Against LOIC?
LOIC does not rely on any vulnerabilities. Therefore, vulnerability scanners and network scanners cannot be used to protect against it. Web application firewalls (WAF) work well for most DoS/DDoS attacks but intrusion detection/prevention systems (IDS/IPS) are the best tool to use to protect against such attacks in general.
DoS/DDoS attempts are best throttled at the Internet Service Provider level. If your web server is hosted on a renowned virtual cloud (for example, Akamai or Cloudflare), such services have sufficient protection. The best way to mitigate a DDoS attack is to have an infrastructure that can handle a lot of traffic. If this is not possible, make sure that you use the firewall to limit the number of connections per IP in a given period.
Can My Website Be Used For Attacks?
If your website is vulnerable, it can be used as an agent (zombie) in a DDoS attack. LOIC (or similar applications) may be installed in console mode and controlled using IRC. If an attacker can hack your website and get shell access (for example, using SQL Injection or Code Injection), they can make you participate in attacks. JS LOIC may also be injected into your web page using Cross-site Scripting. Any user visiting the page would then unwillingly and unknowingly participate in an attack.
Therefore, even if a tool like the Acunetix vulnerability scanner is not effective for you as a victim of a DoS/DDoS attack, it effectively protects you and your website visitors against becoming an unwilling accomplice of a crime. And becoming such an accomplice may have much more serious consequences than being a victim. Take a demo to make sure that you and your visitors are safe.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Tomasz Andrzej Nidecki. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/Tmn5CtgkWhk/