Low Orbit Ion Cannon

The Low Orbit Ion Cannon (LOIC) is a tool that was developed by Praetox Technologies as a network stress testing application and then released into the public domain. This application is available as open source on Sourceforge.net and often used by malicious parties for DoS (denial of service) and DDoS (distributed denial of service) attacks. The LOIC is available for Windows, Linux, OS X, Android, and iOS. There is also a JavaScript version (JS LOIC) that can be embedded in a page and a web application that only requires the user to open the web browser (Low Orbit Web Cannon). The successor of LOIC is called the High Orbit Ion Cannon (HOIC). The name comes from a fictional weapon used in a video game.

The LOIC is a very simple application. It sends a stream of TCP packets, UDP packets, or HTTP GET packets to a selected host ur URL. Attackers use it to flood the target with bogus network traffic so that it has no resources to serve legitimate requests. LOIC cannot use proxies, so the IP address of the user is clearly visible to the target (stored in logs).

A single person using LOIC has very little impact but the application may run in hivemind mode. In this mode, the attackers use an IRC (Internet Relay Chat) channel for coordination and create a voluntary botnet (one participant is the master and the rest are slaves). If a large number of users flood the target server, it may experience a denial of service.

The Low Orbit Ion Cannon is a very basic attack tool that uses the simplest techniques. However, it is also very easy to install and use. This means that hacktivist organizations have no problems with getting a large number of people to participate in such attacks. It was used in the past in denial of service attacks that the 4Chan hacktivism group Anonymous organized against such companies like Mastercard and Paypal (Operation Payback), as well as organizations such as the Church of Scientology.

Low Orbit Ion Cannon

What Can I Use to Protect Against LOIC?

LOIC does not rely on any vulnerabilities. Therefore, vulnerability scanners and network scanners cannot be used to protect against it. Web application firewalls (WAF) work well for most DoS/DDoS attacks but intrusion detection/prevention systems (IDS/IPS) are the best tool to use to protect against such attacks in general.

DoS/DDoS attempts are best throttled at the Internet Service Provider level. If your web server is hosted on a renowned virtual cloud (for example, Akamai or Cloudflare), such services have sufficient protection. The best way to mitigate a DDoS attack is to have an infrastructure that can handle a lot of traffic. If this is not possible, make sure that you use the firewall to limit the number of connections per IP in a given period.

Can My Website Be Used For Attacks?

If your website is vulnerable, it can be used as an agent (zombie) in a DDoS attack. LOIC (or similar applications) may be installed in console mode and controlled using IRC. If an attacker can hack your website and get shell access (for example, using SQL Injection or Code Injection), they can make you participate in attacks. JS LOIC may also be injected into your web page using Cross-site Scripting. Any user visiting the page would then unwillingly and unknowingly participate in an attack.

Therefore, even if a tool like the Acunetix vulnerability scanner is not effective for you as a victim of a DoS/DDoS attack, it effectively protects you and your website visitors against becoming an unwilling accomplice of a crime. And becoming such an accomplice may have much more serious consequences than being a victim. Take a demo to make sure that you and your visitors are safe.

Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.