nanog mailing list archives

Re: LOIC tool used in the "Anonymous" attacks


From: John Adams <jna () retina net>
Date: Sat, 11 Dec 2010 12:52:41 -0800

It's hard to believe that it took eight people to run Wireshark and
write this simplistic paper about LOIC. The analysis is weak at best
(it seems they only had a few days to study the problem), and never
analyzes the source code which has been widely available at
https://github.com/NewEraCracker/LOIC

A cursory analysis of HTTPFlooder.cs would give you all you need to
know to understand the attack and block the tool; if you find your
network attacked by this tool, you'll immediately discover a large
volume of HTTP requests with no User-Agent or Accept: headers. Drop
those requests at the border.

You can also compile requests of that nature to analyze the size of
the swarm that is attacking you. In analysis, I've found this to be on
the order of 2000-3000 hosts. It's a decently sized ACL to place on
your ingress routers, but these attacks can be thwarted.

-j



On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks <tme () multicasttech com> wrote:
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.

http://www.simpleweb.org/reports/loic-report.pdf

LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.

Regards
Marshall




