LOIC tool used in the "Anonymous" attacks
John Adams
jna at retina.net
Sat Dec 11 12:52:41 PST 2010
It's hard to believe that it took eight people to run wireshark and
write this simplistic paper about LOIC. The analysis is weak at best
(it seems they only had a few days to study the problem), and never
analyzes the source code which has been widely available at
https://github.com/NewEraCracker/LOIC
A cursory analysis of HTTPFlooder.cs would give you all you need to
know to understand the attack and block the tool; If you find your
network attacked by this tool, you'll immediately discover a large
volume of HTTP requests with no User-Agent or Accept: headers. Drop
those requests at the border.
You can also compile requests of that nature to analyze the size of
the swarm that is attacking you. In analysis, I've found this to be on
the order of 2000-3000 hosts. It's a decently sized ACL to place on
your ingress routers, but these attacks can be thwarted.
-j
On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks <tme at multicasttech.com> wrote:
> Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
>
> http://www.simpleweb.org/reports/loic-report.pdf
>
> LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
>
> Regards
> Marshall
>
>
>
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list