Using the Low Orbit Ion Cannon for Denial of Service Testing

Home > Blogs > Security > Using the Low Orbit Ion Cannon for Denial of Service Testing

Using the Low Orbit Ion Cannon for Denial of Service Testing

Like This Blog 0 Mike Danseglio
Added by August 8, 2014

A very common attack technique in use today is the Denial of Service (DoS) attack. DoS attacks are effective in degrading the performance of targeted systems, effectively taking them offline and preventing legitimate system use. A typical DoS attack goes like this:

  1. The attacker identifies one or more computers on the Internet as targets
  2. The attacker determines what ports the targets service for legitimate services e.g. port 80 for web servers, port 25 for SMTP
  3. The attacker sends a flood of network traffic to the target server and port
  4. The target must process all of the traffic to service the real requests
  5. The target cannot maintain desired performance levels while continuing to process the massively increased traffic
  6. The target either shuts down entirely or begins to service less than 100% of the requests

The degradation of performance, whether it is a shutdown or a reduction or delay in traffic processing, marks the success of a Denial of Service attack. If the attack is unsuccessful when conducted from a single host it can be scaled out to multiple attacking hosts. This results in a Distributed Denial of Service (DDoS) attack which is exceptionally difficult to defend against.

Most IT professionals want to know whether their systems can withstand a DoS attack. Luckily there is a great tool available to test this scenario. And it is the same tool that attackers frequently use to conduct actual attacks. It is the Low Orbit Ion Cannon.

Using the Low Orbit Ion Cannon

I often recommend to system administrators to use actual attacker tools to determine the security and resilience of a connected system. The Low Orbit Ion Cannon (LOIC) is a great and simple tool for DoS and DDoS testing.

The Low Orbit Ion Cannon can be downloaded from Sourceforge in a few forms. I’ll demonstrate it here using the Java version as shown in Figure 1.

001-Java-Version-Low-Orbit-Ion-Cannon-for-Denial-of-Service-Testing

Figure 1. The default Low Orbit Ion Cannon startup screen.

To test a server, simply type in the IP address in the Host field or the FQDN in the URL field. I’m going to use 10.0.1.1 here, a server on my network. Once I press Get it locks the IP address in as the target as shown in Figure 2.

002-targeting-Version-Low-Orbit-Ion-Cannon-for-Denial-of-Service-Testing

Figure 2. Targeting 10.0.1.1 with the Low Orbit Ion Cannon.

Next I select a port and protocol that I believe the target will process. Since this server handles HTTP requests I’ll target port 80. Now all I do is click Attack! and the Low Orbit Ion Cannon starts to fire network traffic at the server as shown in Figure 3.

003-attack-in-progress-Low-Orbit-Ion-Cannon-for-Denial-of-Service-Testing

Figure 3. An attack in progress!

This attack is using the default values for network timeout, threads, traffic, and delay. And even though the default traffic volume appears to be relatively low, this attack is consuming roughly 20% of the CPU resource on the target server. The target server is not protected from DoS in any special way but does have both a host-based and network-based firewall. So one attacker, through a switch and two firewalls, can consume 20% CPU utilization.

What Do I Do With This Test?

Once you’ve conducted the test on your own non-production systems you will have a fairly clear idea of the potential impact that this type of attack will have. From there you need to determine whether countermeasures are required or justified based on a Return on Investment (ROI) calculation. The test simulates an attack and leaves the remediation options to you.

So now you know how a DoS attack works and how it will impact your systems. And knowing is half the battle!

Stay safe!

Mike Danseglio -CISSP / MCSE / CEH
Interface Technical Training – Technical Director and Instructor

Mike Danseglio teaches Security classes at Interface Technical Training. His classes can be attended in Phoenix, Arizona or online from anywhere in the world with RemoteLive.

Videos You May Like

Agile Methodology in Project Management

0 154 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1482 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

Share your thoughts...

Please fill out the comment form below to post a reply.