Using the Low Orbit Ion Cannon for Denial of Service Testing
Using the Low Orbit Ion Cannon for Denial of Service Testing
A very common attack technique in use today is the Denial of Service (DoS) attack. DoS attacks are effective in degrading the performance of targeted systems, effectively taking them offline and preventing legitimate system use. A typical DoS attack goes like this:
- The attacker identifies one or more computers on the Internet as targets
- The attacker determines what ports the targets service for legitimate services e.g. port 80 for web servers, port 25 for SMTP
- The attacker sends a flood of network traffic to the target server and port
- The target must process all of the traffic to service the real requests
- The target cannot maintain desired performance levels while continuing to process the massively increased traffic
- The target either shuts down entirely or begins to service less than 100% of the requests
The degradation of performance, whether it is a shutdown or a reduction or delay in traffic processing, marks the success of a Denial of Service attack. If the attack is unsuccessful when conducted from a single host it can be scaled out to multiple attacking hosts. This results in a Distributed Denial of Service (DDoS) attack which is exceptionally difficult to defend against.
Most IT professionals want to know whether their systems can withstand a DoS attack. Luckily there is a great tool available to test this scenario. And it is the same tool that attackers frequently use to conduct actual attacks. It is the Low Orbit Ion Cannon.
Using the Low Orbit Ion Cannon
I often recommend to system administrators to use actual attacker tools to determine the security and resilience of a connected system. The Low Orbit Ion Cannon (LOIC) is a great and simple tool for DoS and DDoS testing.
The Low Orbit Ion Cannon can be downloaded from Sourceforge in a few forms. I’ll demonstrate it here using the Java version as shown in Figure 1.
Figure 1. The default Low Orbit Ion Cannon startup screen.
To test a server, simply type in the IP address in the Host field or the FQDN in the URL field. I’m going to use 10.0.1.1 here, a server on my network. Once I press Get it locks the IP address in as the target as shown in Figure 2.
Figure 2. Targeting 10.0.1.1 with the Low Orbit Ion Cannon.
Next I select a port and protocol that I believe the target will process. Since this server handles HTTP requests I’ll target port 80. Now all I do is click Attack! and the Low Orbit Ion Cannon starts to fire network traffic at the server as shown in Figure 3.
Figure 3. An attack in progress!
This attack is using the default values for network timeout, threads, traffic, and delay. And even though the default traffic volume appears to be relatively low, this attack is consuming roughly 20% of the CPU resource on the target server. The target server is not protected from DoS in any special way but does have both a host-based and network-based firewall. So one attacker, through a switch and two firewalls, can consume 20% CPU utilization.
What Do I Do With This Test?
Once you’ve conducted the test on your own non-production systems you will have a fairly clear idea of the potential impact that this type of attack will have. From there you need to determine whether countermeasures are required or justified based on a Return on Investment (ROI) calculation. The test simulates an attack and leaves the remediation options to you.
So now you know how a DoS attack works and how it will impact your systems. And knowing is half the battle!
Stay safe!
Mike Danseglio -CISSP / MCSE / CEH
Interface Technical Training – Technical Director and Instructor
Mike Danseglio teaches Security classes at Interface Technical Training. His classes can be attended in Phoenix, Arizona or online from anywhere in the world with RemoteLive.
- CISSP (Certified Information Systems Security Professional)
- Certified Ethical Hacking and Countermeasures v8
- CompTIA Security + Certification Skills
You May Also Like
DDos Testing, denial of service, DoS, Dos Testing, FQDN, Host field, LOIC, Low Orbit Ion Cannon, port 25, port 80, Return on Investment, ROI, Sourceforge
A Simple Introduction to Cisco CML2
0 3804 0Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2
Cable Testers and How to Use them in Network Environments
0 694 1This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments
OSPF Adjacency Troubleshooting Solution – Getting Close to the OSPF adj
0 249 1In this video, Cisco CCNA & CCNP instructor Mark Jacob shows how to troubleshoot OSPF Adjacency issues by showing the distance between routers with the show ip ospf neighbor command.