![low orbit ion cannon low orbit ion cannon](http://baw-weapons.yez.dk/uploads/7/5/5/2/7552490/5556826.jpg)
Last week he was sentenced to 18 months imprisonment. Last month (two years after the attack) he was convicted of conspiracy to impair the operation of computers and faced the prospect of up to 10 years in jail. This is Christopher “Nerdo” Weatherhead:

Chris was 20 years old when he was involved in the MasterCard attack.
![low orbit ion cannon low orbit ion cannon](http://baw-weapons.yez.dk/uploads/7/5/5/2/7552490/8742929.jpg)
There have been countless DDoS attacks by hacktivists since, the latest newsworthy event being the takedown of the US sentencing commission website just this weekend in retaliation for the legal action against Aaron Swartz, undoubtedly a contributing factor to his recent tragic suicide.

But the results can also be devastating for those involved in orchestrating these attacks. The result can be devastating for the target; MasterCard suffered major outages on at least two different occasions as a result of this a couple of years back. Here’s how it often begins, with a call to action for hacktivists to join in an organised DDoS:

The names or how active they presently are isn’t really the point though; I’m interested in looking at the nature of DDoS, as this is where I see a lot of misunderstanding. They’ll usually be anonymous (that’s with a little “a”) and may associate themselves with groups such as Anonymous (with a big “A”) or others such as LulzSec and UGNazi.
![low orbit ion cannon low orbit ion cannon](http://www.digital-digest.com/blog/DVDGuy/wp-content/uploads/2010/09/low_orbit_ion_cannon.jpg)
LOIC has shot to fame in recent years as the tool of choice for what we colloquially refer to as hacktivists, or in other words, folks with an axe to grind – usually for political purposes – who use the web to express their displeasure. But let’s not get ahead of ourselves, there are a few things to understand first.

Keep an eye out for a post showing how you can identify and combat LOIC types of attacks using web application firewalls as well.

It’s the Low Orbit Ion Cannon and yes, you can be arrested and sentenced to a prison term for using it to mount a distributed denial of service attack on a website.

We are still researching this tool and any news or modifications will be published on our blog. However, this high number of alerts will also help indicate that there is not a false positive. Maybe we can add some alert limit to the above rules since one attack will generate a lot of alerts.

A firewall rule can easily be made to detect the UDP and TCP versions of LOIC.

```
# snort -c nf -A console -q -r /LABS2/LOIC/PCAP/LOIC-udp.pcap -O
01/27-11:58:38.849802 SLR - LOIC DoS Tool (UDP Mode) - Behavior Rule (tracking/threshold) :55198 -> :80
```

Some notes

UDP traffic at port 80 (you can change the port)

Based on the above criteria, we created the following Snort rule:

```
alert udp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SLR - LOIC DoS Tool (UDP Mode) - Behavior Rule (tracking/threshold)"; threshold: type threshold, track by_src, count 100, seconds 5; reference: url, ; classtype:misc-activity; sid:1234590; rev:1; )
```

To use the UDP version, a user must select the UDP option as seen in the image shown above.

For UDP, the following two behaviors were noticed

The binary version of LOIC has three methods of attack, as you can see in the image below:

Based on this information we created the following Snort rule:

```
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SLR - LOIC DoS ToolJS Version"; flow: established,to_server; uricontent:"id="; uricontent:"msg="; threshold: type threshold, track by_src, count 20, seconds 5; reference: url, ; classtype:misc-activity; sid:1234568; rev:1; )
```

Binary Version

Lots of connections with id and msg in a short period.
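The JS-version rule above fires on requests whose URI carries both `id=` and `msg=`, counted per source over five seconds. The following Python sketch is an added example, not code from the original post: it models that threshold over constructed requests and compares the rule's `type threshold` with Snort's `type both`, one way to get the alert limit the post asks for. The window handling is a simplified model of Snort's behaviour, and the addresses and traffic mix are constructed.

```python
COUNT, SECONDS = 20, 5  # values from the rule: count 20, seconds 5

def matches_rule(uri):
    # Substring match on the URI, like uricontent:"id=" and uricontent:"msg=".
    return "id=" in uri and "msg=" in uri

def threshold_alerts(events, mode="threshold"):
    """Return (time, src) alerts for (epoch_seconds, src_ip, uri) events.

    mode "threshold": alert every COUNT matches from one source in a window.
    mode "both": alert once per window, when the count first reaches COUNT.
    """
    state = {}   # src_ip -> [window_start, matches_in_window], i.e. track by_src
    alerts = []
    for ts, src, uri in sorted(events):
        if not matches_rule(uri):
            continue
        window = state.get(src)
        if window is None or ts - window[0] >= SECONDS:
            window = state[src] = [ts, 0]      # first match or window expired
        window[1] += 1
        if mode == "threshold" and window[1] >= COUNT:
            alerts.append((ts, src))
            window[0], window[1] = ts, 0       # start counting the next batch
        elif mode == "both" and window[1] == COUNT:
            alerts.append((ts, src))           # later matches stay silent
    return alerts

def sample_events():
    """Constructed traffic; addresses are documentation ranges, not real hosts."""
    flood = [(i / 50, "203.0.113.7", f"/app/?id={1292337572944 + i}&msg=BOOM%2520HEADSHOT!")
             for i in range(100)]              # 100 requests in two seconds
    slow = [(t, "198.51.100.9", "/app/?id=7&msg=hello") for t in (0, 4, 8)]
    plain = [(t / 10, "192.0.2.44", "/index.html?id=3") for t in range(30)]
    return flood + slow + plain

if __name__ == "__main__":
    for mode in ("threshold", "both"):
        hits = threshold_alerts(sample_events(), mode)
        print(mode, len(hits), sorted({src for _, src in hits}))
```

On the constructed flood, `threshold` mode raises one alert per 20 matching requests, while `both` mode raises a single alert for the same source and window.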
The following shows an example request generated by this tool:

```
GET /app/?id=1292337572944&msg=BOOM%2520HEADSHOT! HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
```

For this version of LOIC, the following three items stand out:

This version of LOIC allows an individual to contribute to a "DDoS Attack" using JavaScript embedded in a webpage.

More details about this tool can be found at:

These four approaches allow you to attack a website using both a standalone tool, and a web-only version which utilizes JavaScript. We've had the chance to analyze two versions of LOIC, which use four different approaches. Many still remember the attacks on Paypal, Mastercard, and Visa, which used this tool.
![low orbit ion cannon low orbit ion cannon](http://3.bp.blogspot.com/-_zcRUZXgNw8/UcWnFugQwjI/AAAAAAAAC3g/PWzhrXPUhc4/s1600/LOIC_instrukcja.png)
The LOIC tool has been in the news for quite some time now.

Submitted by Rodrigo Montoro

LOIC (Low Orbit Ion Cannon) DDoS/DoS Analysis