nanog mailing list archives
Re: LOIC tool used in the "Anonymous" attacks
From: John Adams <jna () retina net>
Date: Sat, 11 Dec 2010 12:52:41 -0800
It's hard to believe that it took eight people to run wireshark and write this simplistic paper about LOIC. The analysis is weak at best (it seems they only had a few days to study the problem), and never analyzes the source code which has been widely available at https://github.com/NewEraCracker/LOIC A cursory analysis of HTTPFlooder.cs would give you all you need to know to understand the attack and block the tool; If you find your network attacked by this tool, you'll immediately discover a large volume of HTTP requests with no User-Agent or Accept: headers. Drop those requests at the border. You can also compile requests of that nature to analyze the size of the swarm that is attacking you. In analysis, I've found this to be on the order of 2000-3000 hosts. It's a decently sized ACL to place on your ingress routers, but these attacks can be thwarted. -j On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks <tme () multicasttech com> wrote:
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc. http://www.simpleweb.org/reports/loic-report.pdf LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers. Regards Marshall
Current thread:
- LOIC tool used in the "Anonymous" attacks Marshall Eubanks (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks Beavis (Dec 11)
- RE: LOIC tool used in the "Anonymous" attacks Stefan Fouant (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks John Adams (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks Leo Bicknell (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks Marshall Eubanks (Dec 11)
- <Possible follow-ups>
- Re: LOIC tool used in the "Anonymous" attacks andrew.wallace (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks mikea (Dec 13)
- Re: LOIC tool used in the "Anonymous" attacks andrew.wallace (Dec 11)