Re: LOIC tool used in the "Anonymous" attacks
On Sat, Dec 11, 2010 at 11:59:07AM -0800, andrew.wallace wrote:
> I was reading about this- yeah really "anonymous".
>
> http://praetorianprefect.com/archives/2010/12/anonymous-releases-very-unanonymous-press-release/
>
> Also:
>
> http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html

All we know with certainty is that there is *a* name in the metadata.
Why would anyone conclude that it is definitely the name of the author?

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin
Re: LOIC tool used in the "Anonymous" attacks
Like I said the other day on Cnet comments section, December 10, 2010 3:31 PM PST.

"It is extremely easy to find out who everyone is, because the "anonymous" is decentralised and easy to infiltrate and manipulate."

Andrew

From: Leo Bicknell
To: North American Network Operators Group
Cc:
Sent: Saturday, 11 December 2010, 21:21:29
Subject: Re: LOIC tool used in the "Anonymous" attacks

Perhaps the authors of the tool would rather keep the finite law enforcement busy rounding up clueless highschool kids who install this tool.

In that sense it's both a network packet DDOS, and a law enforcement attacker DDOS. Brilliant in a way.
Re: LOIC tool used in the "Anonymous" attacks
On Dec 11, 2010, at 4:21 PM, Leo Bicknell wrote:
> In a message written on Sat, Dec 11, 2010 at 10:19:32AM -0500, Marshall Eubanks wrote:
>> LOIC makes no attempt to hide the IP addresses of the attackers, making it
>> easy to trace them if they are using their own computers.
>
> Perhaps the authors of the tool would rather keep the finite law
> enforcement busy rounding up clueless highschool kids who install
> this tool.
>
> In that sense it's both a network packet DDOS, and a law enforcement
> attacker DDOS. Brilliant in a way.

Or maybe that's a feature, not a bug. False flag operations to ensnare the clueless have a long history of running code.

Regards
Marshall

> --
> Leo Bicknell - bickn...@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
Re: LOIC tool used in the "Anonymous" attacks
In a message written on Sat, Dec 11, 2010 at 10:19:32AM -0500, Marshall Eubanks wrote:
> LOIC makes no attempt to hide the IP addresses of the attackers, making it
> easy to trace them if they are using their own computers.

Perhaps the authors of the tool would rather keep the finite law
enforcement busy rounding up clueless highschool kids who install
this tool.

In that sense it's both a network packet DDOS, and a law enforcement
attacker DDOS. Brilliant in a way.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: LOIC tool used in the "Anonymous" attacks
It's hard to believe that it took eight people to run wireshark and write this simplistic paper about LOIC. The analysis is weak at best (it seems they only had a few days to study the problem), and never analyzes the source code which has been widely available at https://github.com/NewEraCracker/LOIC

A cursory analysis of HTTPFlooder.cs would give you all you need to know to understand the attack and block the tool; If you find your network attacked by this tool, you'll immediately discover a large volume of HTTP requests with no User-Agent or Accept: headers. Drop those requests at the border.

You can also compile requests of that nature to analyze the size of the swarm that is attacking you. In analysis, I've found this to be on the order of 2000-3000 hosts. It's a decently sized ACL to place on your ingress routers, but these attacks can be thwarted.

-j

On Sat, Dec 11, 2010 at 7:19 AM, Marshall Eubanks wrote:
> Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous"
> Operation Payback attacks on Mastercard, Paypal, etc.
>
> http://www.simpleweb.org/reports/loic-report.pdf
>
> LOIC makes no attempt to hide the IP addresses of the attackers, making it
> easy to trace them if they are using their own computers.
>
> Regards
> Marshall
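Added example, not part of the original post and not taken from LOIC's source: one way to apply the signature described in the message above (requests carrying neither a User-Agent nor an Accept header) to captured request heads and tally the distinct sources. The record layout, the sample data and the `min_hits` threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: (source IP, raw HTTP request head) pairs, as might be
# reassembled from a packet capture or a reverse-proxy header log.
SAMPLE = [
    ("198.51.100.7", "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.20", "GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                     "User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n"),
    ("203.0.113.99", "GET /feed HTTP/1.1\r\nHost: www.example.com\r\n"
                     "user-agent: FeedFetcher\r\n\r\n"),
    ("192.0.2.44", "GET /health HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]

def header_names(raw_head):
    """Return the lower-cased header field names of one request head."""
    names = set()
    for line in raw_head.split("\r\n")[1:]:     # skip the request line
        if not line:                            # blank line ends the head
            break
        name, sep, _ = line.partition(":")
        if sep:
            names.add(name.strip().lower())     # field names are case-insensitive
    return names

def matches_signature(raw_head):
    """True when the request carries neither User-Agent nor Accept."""
    names = header_names(raw_head)
    return "user-agent" not in names and "accept" not in names

def swarm_sources(records, min_hits=3):
    """Count matching requests per source; keep sources at or above min_hits.

    min_hits is an assumed guard so that a single header-less request
    (for example a monitoring probe) does not put an address on the ACL.
    """
    hits = Counter(ip for ip, head in records if matches_signature(head))
    return {ip: n for ip, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    sources = swarm_sources(SAMPLE)
    print(f"{len(sources)} source(s) matched:", sorted(sources))
```

The keys of the returned mapping are the candidate addresses for an ingress ACL, and its length is the swarm-size estimate the message refers to.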
Re: LOIC tool used in the "Anonymous" attacks
I was reading about this- yeah really "anonymous".

http://praetorianprefect.com/archives/2010/12/anonymous-releases-very-unanonymous-press-release/

Also:

http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html

Andrew

From: Stefan Fouant
To: 'Marshall Eubanks' ; 'North American Network Operators Group'
Cc:
Sent: Saturday, 11 December 2010, 17:34:20
Subject: RE: LOIC tool used in the "Anonymous" attacks

I think the skill level of these guys is clearly evidenced by one of the members who forgot to remove the metadata from their most recent "press release".

Stefan
RE: LOIC tool used in the "Anonymous" attacks
> -Original Message-
> From: Marshall Eubanks [mailto:t...@multicasttech.com]
> Sent: Saturday, December 11, 2010 10:20 AM
> To: North American Network Operators Group
> Subject: LOIC tool used in the "Anonymous" attacks
>
> Interesting analysis of the 3 "LOIC" tool variants used in the
> "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
>
> http://www.simpleweb.org/reports/loic-report.pdf
>
> LOIC makes no attempt to hide the IP addresses of the attackers, making
> it easy to trace them if they are using their own computers.

IMO, LOIC is a very unsophisticated tool. There are methods the attackers could have used to obfuscate their IP (while still employing a complete TCP 3-way handshake) if they were a bit more knowledgeable. Although it's equivalent to a sophomore year CS project, it has benefit of being "easy to use" and so lowers the barrier to entry for would-be script kiddies looking for a fun afternoon. There is also evidence of its use in the wild outside of "the hive".

I think the skill level of these guys is clearly evidenced by one of the members who forgot to remove the metadata from their most recent "press release".

Stefan
Re: LOIC tool used in the "Anonymous" attacks
Interesting.. there's an ED about LOIC

http://encyclopediadramatica.com/LOIC

it even gives an instruction on how to deny the use of the tool: (funny)

What if I get caught and V&d?

You probably won't. It's recommended that attack with over 9000 other anons while attacking alone pretty much means doing nothing. If you are a complete idiot and LOIC a small server alone, there is a chance of getting V&. No one will bother let alone have the resources to deal with DDoS attacks that happens every minute around the world. Then theres always the botnet excuse. Just say your pc was infected by a botnet and you have since ran antivirus programs and what not to try to get rid of it. Or just say you have NFI what a DDoS is at all.

PROTIP: If you do get V&: ALWAYS deny it, Explain it was botnet, Say you have dynamic IP and that they have the wrong guy. Also, epic lolz will be achieved because you are a fag.

DDOS ONLY IN GROUPS

On Sat, Dec 11, 2010 at 9:19 AM, Marshall Eubanks wrote:
> Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous"
> Operation Payback attacks on Mastercard, Paypal, etc.
>
> http://www.simpleweb.org/reports/loic-report.pdf
>
> LOIC makes no attempt to hide the IP addresses of the attackers, making it
> easy to trace them if they are using their own computers.
>
> Regards
> Marshall

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
LOIC tool used in the "Anonymous" attacks
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.

http://www.simpleweb.org/reports/loic-report.pdf

LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.

Regards
Marshall