What is the Low Orbit Ion Cannon?
The Low Orbit Ion Cannon (LOIC) is an easy-to-use open-source network stress testing tool that is often misused for illegal denial-of-service (DoS) attacks.
Low Orbit Ion Cannon: Definition
Written in the C# programming language, the Low Orbit Ion Cannon (LOIC) was originally developed by Praetox Technology as a tool for network stress testing. The name is derived from a fictional weapon of mass destruction from the computer game series “Command & Conquer”. Today, LOIC, which is now available as an open source program and web version, is mainly abused for illegal traffic overload attacks. Thanks to its user-friendly interface, even attackers with no technical know-how are able to use the tool to carry out coordinated DoS and DDoS attacks.
How does Low Orbit Ion Cannon work?
The operation of the LOIC is relatively simple: Attackers only need to configure a few settings to launch an attack. The Low Orbit Ion Cannon then “bombards” the target with masses of TCP packets, UDP packets or HTTP requests in order to overload the web server and thus paralyze the targeted service.
However, several attackers have to join forces to accomplish this, because one lone attacker cannot generate enough malicious traffic using LOIC. For a coordinated DDoS attack, the Low Orbit Ion Cannon can be operated in so-called “Hive Mind” mode. Several users connect their LOIC clients via an IRC server to form a voluntary botnet, which can then be controlled remotely from a central computer. The more LOIC instances that are interconnected in this way, the greater the impact of the coordinated attack.
Is the Low Orbit Ion Cannon legal?
The stress test tool itself is legal and freely available on the Internet. It should be noted, however, that it is only legal to perform load tests on your own IT infrastructures. Unauthorized use of the Low Orbit Ion Cannon against third-party targets violates the laws of most countries. In Germany, this is considered computer sabotage under § 303b StGB (German Criminal Code) and is subject to criminal prosecution. Attackers face fines and/or several years in prison.
Those who use LOIC for illegal overload attacks should expect to be quickly identified and prosecuted. Such attacks leave the IP addresses of the attackers visible to the target and they cannot be disguised via a proxy server, as the attack would otherwise hit the proxy instead of the actual target.
Are there any known examples of attacks using Low Orbit Ion Cannon?
The Low Orbit Ion Cannon was primarily used by the hacker collective Anonymous and members of the 4chan forum for several noteworthy DDoS attacks:
How can you defend against traffic overload attacks by Low Orbit Ion Cannon?
Small LOIC attacks that attempt to overload a website with HTTP requests are still relatively easy to fend off. In such cases, it is sufficient to identify the IP addresses of the attackers and block or reject the attack traffic by means of a local firewall. In contrast, defending against TCP or UDP flood attacks, as well as larger HTTP flood attacks originating from hundreds or even thousands of LOIC clients simultaneously, requires a Web Application Firewall (WAF) or dedicated DDoS protection at the application level (Layer 7).
Protection systems for the network and transport layer (Layer 3 and 4), for example, do not recognize any difference between an HTTP flood attack and a valid download. Accordingly, to reliably detect attacks and secure a website or web application, companies need DDoS protection at all relevant layers. This is the only way operators can prevent attack-related disruptions and outages, which often result in lost revenue and damage to image and trust.
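For the small HTTP floods described above, the first step is finding the source addresses in the web server's access log. The following is an added example, not code from the original page: it counts requests per client IP in a sliding time window over a constructed log and returns the addresses that exceed a threshold. The function names, the 10-second window, the 50-request limit and the sample IP addresses (documentation ranges) are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Leading fields of the common/combined access-log format: client IP and timestamp.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flood_sources(lines, window_s=10, max_requests=50):
    """Return {ip: peak count} for clients that sent more than max_requests
    requests within any window_s-second span. Thresholds are assumptions to
    tune against normal traffic; entries per IP must be in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of aborting the scan
        try:
            t = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue
        q = recent[m.group(1)]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            peaks[m.group(1)] = max(peaks.get(m.group(1), 0), len(q))
    return peaks

def sample_log():
    """Constructed log: 203.0.113.7 sends 120 requests in 6 s,
    198.51.100.20 sends 5 requests spread over 40 s."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET / HTTP/1.1" 200 512'
    lines = [row.format("203.0.113.7",
                        (base + timedelta(seconds=i // 20)).strftime(TS_FMT))
             for i in range(120)]
    lines += [row.format("198.51.100.20",
                         (base + timedelta(seconds=10 * i)).strftime(TS_FMT))
              for i in range(5)]
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(flood_sources(sample_log()).items()):
        print(f"{ip}: {peak} requests within 10 s, candidate for a firewall block")
```

The returned addresses are candidates for a local firewall rule; a single address can also be a shared proxy or NAT gateway, so check the peak count against normal traffic before blocking.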
Low Orbit Ion Cannon: What do you need to know?
Low Orbit Ion Cannon is a network stress testing tool that allows people without technical knowledge to perform illegal overload attacks on websites, web applications and APIs with just a few clicks. The tool enables coordinated HTTP, TCP and UDP flood attacks, the power of which increases with the number of LOIC instances interconnected via the botnet. To effectively protect against such attacks, enterprises should deploy dedicated DDoS protection at the application level.