|Original author(s)||Praetox Technologies|
|Operating system||Windows, Linux, OS X, Android, iOS|
Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.
Low Orbit Ion Cannon - LOICDownload Link:- do not held responsible for any damage you may cause. This is for education.
LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP, UDP, or HTTP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.
Security experts quoted by the BBC indicated that well-written firewall rules can filter out most traffic from DDoS attacks by LOIC, thus preventing the attacks from being fully effective. In at least one instance, filtering out all UDP and ICMP traffic blocked a LOIC attack. Because internet service providers provide less bandwidth to each of their customers in order to provide guaranteed service levels for all of their customers at once, firewall rules of this sort are more likely to be effective when implemented at a point upstream of an application server's internet uplink. In other words, it is easy to cause an ISP to drop traffic destined for a customer by sending a greater amount of traffic than is allowed on that customer's link, and any filtration that occurs on the customer side after the traffic traverses that link will not stop the service provider from dropping excess traffic destined for that customer.
LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used.
Project Chanology and Operation Payback
LOIC was used by Anonymous (a group that spawned from the /b/ board of 4chan) during Project Chanology to attack websites from the Church of Scientology, once more to (successfully) attack the Recording Industry Association of America's website in October 2010, and it was again used by Anonymous during their Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks.
In retaliation for the shutdown of the file sharing service Megaupload and the arrest of four workers, members of Anonymous launched a DDoS attack upon the websites of Universal Music Group (the company responsible for the lawsuit against Megaupload), the United States Department of Justice, the United States Copyright Office, the Federal Bureau of Investigation, the MPAA, Warner Music Group and the RIAA, as well as the HADOPI, all on the afternoon of January 19, 2012, through LOIC. In general, the attack hoped to retaliate against those who Anonymous members believed harmed their digital freedoms.
Origin of name
The LOIC application is named after the ion cannon, a fictional weapon from many sci-fi works, video games, and in particular after its namesake from the Command & Conquer series. The artwork used in the application was a concept art for Command & Conquer 3: Tiberium Wars.
While downloading and using the LOIC on one's own personal servers as a means of stress-testing is perfectly legal at least in the United States, using the program to perform a DDoS attack on other parties could be considered a felony under the Computer Fraud and Abuse Act of 1986. (CFAA) This charge could result in up to 20 years of imprisonment, a fine or both. 
Low Ion Cannon Booter
- ^SourceForge: 
- ^'Praetox Techlologies'. Archived from the original on 2010-10-08.
- ^'LOIC Free Security & Utilities software downloads at'. Sourceforge.net. Retrieved 2014-11-17.
- ^'NewEraCracker/LOIC · GitHub'. Github.com. Retrieved 2013-11-22.
- ^'Pro-Wikileaks activists abandon Amazon cyber attack'. BBC News. 9 December 2010.
- ^Warren, Christina (December 9, 2010). 'How Operation Payback Executes Its Attacks'. Mashable.
- ^'Command & Conquer FAQ/Walkthrough for Nintendo 64 by DTran - GameFAQs'. www.gamefaqs.com. Retrieved 9 May 2017.
- ^Chapple, Mike; Chapple, University of Notre Dame Mike; Seidl, David (1 August 2014). Cyberwarfare. Jones & Bartlett Publishers. ISBN9781284058499. Retrieved 9 May 2017 – via Google Books.
- ^'Anonymous Wikileaks supporters explain web attacks'. BBC. 10 December 2010. Retrieved 12 December 2010.
- ^ ab'The attacks on GRC.COM'(PDF). GRC.com. 2001-02-06. Retrieved 2012-01-25.
- ^Nardi, Tom (March 3, 2012). 'Low Orbit Ion Cannon: Exposed'. The Powerbase. Archived from the original on March 6, 2012. Retrieved March 4, 2012.
- ^Hachman, Mark (October 29, 2010). ''Anonymous' DDoS Attack Takes Down RIAA Site'. PC Magazine.
- ^Moses, Asher (December 9, 2010). 'The Aussie who blitzed Visa, MasterCard and PayPal with the Low Orbit Ion Cannon'. The Age. Melbourne.
- ^'Anonymous Wikileaks supporters mull change in tactics'. BBC News. December 10, 2010.
- ^'Anonymous Hackers Hit DOJ, FBI, Universal Music, MPAA And RIAA After MegaUpload Takedown'. Forbes. Retrieved 2013-11-22.
- ^'THE INFORMATION DEFENSE INDUSTRY AND THE CULTURE OF NETWORKS - Amodern'. Amodern. Retrieved 2018-11-09.
- ^Homeworld, Homeworld 2, Unreal Tournament 2004, Ogame, Ratchet & Clank: Up Your Arsenal, StarCraft
- ^metatags generator (2012-09-27). 'Low Orbit Ion Cannon'. Archived from the original on September 27, 2012. Retrieved 2013-11-22.CS1 maint: unfit URL (link)
- ^'18 U.S. Code § 1030 - Fraud and related activity in connection with computers'. LII / Legal Information Institute. Retrieved 2018-10-07.
|Wikimedia Commons has media related to Low Orbit Ion Cannon.|
The DOS (Denial of service) attack is one of the more powerful hacks, capable of completely taking a server down. In this way, the server will not be able to handle the requests of valid users. With a DOS attack, many computer systems connected to the internet will try to flood a server with false requests, leading to a service disruption. There are many ways in which an attacker can enact this attack on a server system over the network or the internet. Some hackers try this attack with their own coded tools while others use previously available tools.
A LOIC (Low Orbit Ion Cannon) is one of the most powerful DOS attacking tools freely available. If you follow news related to hacking and security issues, you doubtless have been hearing about this tool for the past several months. It has become widely used, including in some highly-publicized attacks against the PayPal, Mastercard and Visa servers a few months back. This tool was also the weapon of choice implemented by the (in)famous hacker group, Anonymous, who have claimed responsibility for many high profile hacking attacks, among them, hacks against Sony, the FBI and other US security agencies. The group not only used this tool, but also requested that others download it and join Anonymous attacks via IRC.
In this brief article, I will give an overview and operational model of the tool. There are 2 versions of the tool: the first is the binary version, which is the original LOIC tool. The other is web-based LOIC or JS LOIC.
Figure 1: Original LOIC
How To Install Low Orbit Ion Cannon
About The Original LOIC Tool:
The LOIC was originally developed by Praetox Technologies as a stress testing application before becoming available within the public domain. The tool is able to perform a simple dos attack by sending a large sequence of UDP, TCP or HTTP requests to the target server. It’s a very easy tool to use, even by those lacking any basic knowledge of hacking. The only thing a user needs to know for using the tool is the URL of the target. A would-be hacker need only then select some easy options (address of target system and method of attack) and click a button to start the attack.
The tool takes the URL of the target server on which you want to perform the attack. You can also enter the IP address of the target system. The IP address of the target is used in place of an internal local network where DNS is not being used. The tool has three chief methods of attack: TCP, UDP and HTTP. You can select the method of attack on the target server. Some other options include timeout, TCP/UDP message, Port and threads. See the basic screen of the tool in the snapshot above in Figure 1.
The LOIC version used by Anonymous group attacks was different than the original LOIC. It had an option to connect the client to the IRC (Internet Relay Chat). This allowed the tool to be remotely controlled, using the IRC protocol. In that case, the user machine became part of a botnet. A botnet is a system of compromised computer systems connected to each other via the internet, which are in turn controlled by the attacker who directs the malware toward his / her target. The bigger the botnet, the more powerful the attack is.
Figure 2: Modified version of LOIC with an option for IRC connect
Type of attacks: As I’d mentioned previously, the LOIC uses three different types of attacks (TCP, UDP and HTTP). All three methods implement the same mechanism of attack. The tool opens multiple connections to the target server and sends a continuous sequence of messages which can be defined from the TCP/UDP message parameter option available on the tool. In the TCP and UDP attacks, the string is sent as a plain text but in the HTTP attack, it is included in the contents of a HTTP GET message.
This tool continues sending requests to the target server; after some time, the target server becomes overloaded. In this way, the target server will no longer be able to respond to requests from legitimate users, effectively shutting it down.
Analysis of the attack:
UDP Attack: To perform the UDP attack, select the method of attack as UDP. It has port 80 as the default option selected, but you can change this according to your need. Change the message string or leave it as the default.
TCP Attack: This method is similar to UDP attack. Select the type of attack as TCP to use this.
HTTP Attack: In this attack, the tool sends HTTP requests to the target server. A web application firewall can detect this type of attack easily.
How to use LOIC to perform a Dos attack: Just follow these simple steps to enact a DOS attack against a website (but do so at your own risk).
- Step 1: Run the tool.
- Step 2: Enter the URL of the website in The URL field and click on Lock O. Then, select attack method (TCP, UDP or HTTP). I will recommend TCP to start. These 2 options are necessary to start the attack.
Figure3: LOIC in action (I painted the URL and IP white to hide the identity of the victim in snap)
- Step 3: Change other parameters per your choice or leave it to the default. Now click on the Big Button labeled as “IMMA CHARGIN MAH LAZER.” You have just mounted an attack on the target.
After starting the attack you will see some numbers in the Attack status fields. When the requested number stops increasing, restart the LOIC or change the IP. You can also give the UDP attack a try. Users can also set the speed of the attack by the slider. It is set to faster as default but you can slow down it with the slider. I don’t think anyone is going to slow down the attack.
Here’s the meaning of each field:
- IDLE: It shows the number of threads idle. It should be zero for higher efficiency of the attack.
- Connecting: This shows the number of threads that are trying to connect to the victim server.
- Requesting: This shows the number of threads that are requesting some information from the victim server.
- Downloading: This shows the number of threads that are initiating some download for some information from the server.
- Downloaded: This number shows how many times data downloading has been initiated from victim server on which you are attacking.
- Requested: This number shows how many times a data download has been requested from victim server.
- Failed: This number shows how many times the server did not respond to the request. A larger number in this field means the server is going down. The success of the attack can be measured by the number shown in this field.
LOIC in HIVEMIND: The windows version of LOIC has a feature called HIVEMIND. With this, users can connect their client to an IRC server. In this way, it can be controlled remotely, thus facilitating some risky attacks, so use this wisely. But connecting to an IRC server will not allow a remote administration of your machine or any other risks to your system: it will only control your LOIC client. This method was used to collect more people in the DDOS attack against Visa, Mastercard, and other financial organizations that supported Wikileaks. (The attack was called “Operation Pay-back.”)
In this mode, thousands of system attacks on a single website to made a real impact. The more people that joined the attack via IRC, the more powerful the attack became.
To start LOIC in HIVEMIND mode, run this command in the command prompt:
LOIC.exe /hivemind irc.server.address
After running the above command, your LOIC client will connect to irc://irc.server.adress:6667/loic
You can also set more parameters in the command to use the tool in better way. Use port and channel too with the command.
LOIC.exe /hivemind irc.server.address 1234 #secret
It will connect to irc://irc.server.adress:1234/secret
HIDDEN MODE: You can also run your LOIC in hidden mode while using it in HIVEMIND. Running in hidden mode means LOIC will run without any visible GUI at your windows system. Just add /HIDDDEN in your command.
LOIC.exe /hidden /hivemind irc.server.address
It will connect LOIC client to irc://irc.server.adress:6667/loic without any visible GUI on windows.
Drawbacks of using LOIC: The main drawback of LOIC as a DOS attack tool is that it is very easy to find the attacker. This tool does not take any precautions to hide IP address of the origin of the attack. Attacks generated by this tool are simple and expose the IP address of attacker in each request packet sent to victim server to flood the request queue. If you are thinking that we can use proxies to solve this problem, you are wrong. Attackers cannot use proxies in these attacks because your requests will hit the proxy server, not the target server. So you will not be able to launch a DOS attack on the server effectively while using a proxy. But some analysts say that this can be used with a proxy server if the proxy is robust enough. According to them, all your request packets will be forwarded to the server system by proxy at the end.
How to prevent the attack of LOIC: LOIC is available for free to download and use, and can be used effectively with very little hacking experience. Anyone that wants to can attack a website with this tool.
As discussed above, the attack of this tool is simple and easy to identify. A well-configured firewall is enough to prevent the attack from being fully effective. And a server administrator can see the request logs to identify the IP and block the IP from the server. Every website owner or server administrators should monitor the traffic and all the activities being performed on the server. This can help well enough against the attack. But this will not help you when a network of LOIC clients will fire on the server system all at once. Protecting the server with a Firewall configured to filter the packets sent by the LOIC is the best way to protect against the attack.
Conclusion: In past few months, this tool was downloaded millions of times and used against some big websites such as Mastercard, Visa, and PayPal to support Wikileaks. The group known as Anonymous used this tool to attack these websites, but it was not traceable. A lot of people joined the team with the IRC network, so no one knows who the real persons behind the group were, within such a large network of systems used in the attacks.
Use of this tool means sending some one threatening messages with your address and phone number. You will be easily caught. In some countries, a DOS attack is not illegal. You can use this tool as an individual, but this tool is not going to help you if you will use it with your system alone. You will need a network of systems to join your attack. This tool is easy to use and see the demonstration of DOS attack. But try it on your own risk.
This tool is available for free on the internet so any person can download it and create a problem for any website. Although catching the attacker is easy, protection against such an attack is relatively easy to achieve. I suggest each company and server administrator make sure that their firewall is configured to protect from the attack generated by LOIC.
INTERESTED IN LEARNING MORE? CHECK OUT OUR ETHICAL HACKING TRAINING COURSE. FILL OUT THE FORM BELOW FOR A COURSE SYLLABUS AND PRICING INFORMATION.