Low Orbit Ion Cannon (LOIC) is a DoS attack script that disrupts a targeted server by sending a large volume of TCP or HTTP requests, or via a UDP flood. It does not require computer knowledge and is therefore probably the most used and most popular DoS attack script. The tool requires only the URL or IP address of the server; once the attack parameters are selected, it carries out the attack.
The tool has a HIVEMIND mode, which allows attackers to control remote LOIC systems to perform a larger DDoS attack utilizing a botnet. A single LOIC instance will likely have little effect, but an attack in which thousands of users run LOIC simultaneously can shut down a web server and/or its surrounding infrastructure, preventing legitimate requests from being answered.
LOIC has been used in several notable attacks, including by the Anonymous group in Project Chanology against the Church of Scientology in 2008 and against the Recording Industry Association of America in 2010. Anonymous not only used the tool, but also encouraged other Internet users to launch their own LOIC attacks against their targets.
LOIC was initially developed by Praetox Technologies, but was then released into the public domain and remains available on various open source platforms.
Well-written firewall rules can filter out most traffic from LOIC DDoS attacks, preventing them from being fully effective. Filtering out all UDP and ICMP traffic can block LOIC attacks, for instance. Firewall rules of this kind are more effective when implemented at a point upstream of an application server's internet uplink, because internet service providers (ISPs) provide less bandwidth to each of their customers in order to provide guaranteed service levels for all their customers, so a flood that is filtered only at the server can still saturate the uplink itself.
LOIC attacks are easily identified in system logs, and the attack can typically be traced back to the IP addresses used at the attack source. However, the log files that record incoming connections are sometimes knocked offline as part of the attack; and even if they are still available, a LOIC user can claim to be just a regular user on their network, or say that their machine was forced into becoming part of a botnet without their knowledge.
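As an added illustration of the log-based identification described above (example code, not part of the original page or of any tool it mentions), the following sketch finds source IPs whose request rate in a web access log exceeds a threshold. The combined log format, the 10-second window, the threshold of 20 requests and the sample log lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format prefix: client IP, timestamp, method, path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def flood_sources(lines, window_s=10, threshold=20):
    """Return {ip: (peak requests in any window_s-second window, distinct paths)}
    for sources whose peak reaches threshold. Both limits are assumed values."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest window count seen so far
    paths = defaultdict(set)      # ip -> distinct request paths
    window = timedelta(seconds=window_s)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed or truncated lines
        ip, path = m.group(1), m.group(4)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop requests that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        paths[ip].add(path)
    return {ip: (n, len(paths[ip])) for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed log lines: one flooding source and one ordinary visitor."""
    lines = []
    for i in range(40):           # 40 identical requests within 4 seconds
        lines.append(f'198.51.100.7 - - [01/Jan/2024:12:00:{i // 10:02d} +0000] '
                     '"GET / HTTP/1.1" 200 512')
    for i in range(5):            # one request per minute, varied pages
        lines.append(f'203.0.113.20 - - [01/Jan/2024:12:{i:02d}:30 +0000] '
                     f'"GET /page{i} HTTP/1.1" 200 2048')
    lines.append("truncated entry")
    return lines

if __name__ == "__main__":
    for ip, (count, distinct) in flood_sources(sample_log()).items():
        print(f"{ip}: peak {count} requests per 10 s, {distinct} distinct path(s)")
```

The flagged addresses are candidates for upstream filtering; as noted above, an address alone does not establish who was operating the machine.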