Sunday, 17 March 2013

How to install LOIC (Low Orbit Ion Cannon) in Backtrack 5 R3

Low Orbit Ion Cannon

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP packets or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.



1 - Install the prerequisites: aptitude install git-core monodevelop

2 - Download the loic.sh script: wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh

3 - Make a folder: mkdir <folder name>

4 - Install: ./loic.sh install

5 - Update: ./loic.sh update

6 - Run LOIC: ./loic.sh run




Web Application Attack: DoS and DDoS Attacks [Video Demonstration]

What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.



Attackers exhaust available server resources by sending hundreds of resource-intensive requests, such as pulling large image files or requesting dynamic pages that require expensive search operations on the backend database servers.

Why Are Applications Vulnerable?

  • Reasonable Use Expectations

  • Application Environment Bottlenecks

  • Implementation Flaws

  • Poor Data Validation


Web Server Resource Consumption Targets


  • CPU, Memory and Sockets

  • Disk Bandwidth

  • Database Bandwidth

  • Worker Processes


Web Services Unavailability

Application-level DoS attacks emulate the same request syntax and network-level traffic characteristics as those of legitimate clients, which makes them undetectable by existing DoS protection measures.


Login Attacks
The attacker may overload the login process by continually sending login requests that require the presentation tier to access the authentication mechanism, rendering it unavailable or unreasonably slow to respond.

User Registration DoS
The attacker could create a program that submits the registration forms repeatedly, adding a large number of spurious users to the application.

Account Lock-Out Attacks

The attacker may enumerate usernames through another vulnerability in the application and then attempt to authenticate to the site using valid usernames and incorrect passwords, which will lock out each account after the specified number of failed attempts. At this point legitimate users will not be able to use the site.

User Enumeration

If the application states which part of the username/password pair is incorrect, an attacker can automate the process of trying common usernames from a dictionary file to enumerate the users of the application.
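The following is an added example, not code from the original post: a login handler hardened against the three weaknesses above. It returns one generic error for unknown users and wrong passwords, and it throttles failures per (client address, username) pair instead of locking the account, so one client's failures cannot lock a legitimate user out from elsewhere. The names LoginGuard, USERS, WINDOW_S and MAX_FAILS and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

GENERIC_ERROR = "Invalid username or password."  # same text for every failure
WINDOW_S = 300   # sliding window, in seconds
MAX_FAILS = 5    # failures allowed per (client, username) inside the window

def _hash(password, salt):
    # Iteration count kept low so the demo runs fast; use far more in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

# Constructed user store: username -> (salt, password hash).
USERS = {"alice": (b"salt-a", _hash("correct horse", b"salt-a"))}
_DUMMY = (b"salt-x", _hash("placeholder", b"salt-x"))  # used for unknown users

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.fails = defaultdict(deque)  # (client, username) -> failure times

    def _throttled(self, key):
        q, now = self.fails[key], self.clock()
        while q and now - q[0] > WINDOW_S:  # forget failures outside the window
            q.popleft()
        return len(q) >= MAX_FAILS

    def login(self, client_ip, username, password):
        key = (client_ip, username)
        if self._throttled(key):
            # Only this client is slowed down; the account itself stays usable.
            return (429, "Too many attempts. Try again later.")
        # Unknown users are hashed against a dummy record so that response
        # text and work done do not reveal whether the username exists.
        salt, stored = USERS.get(username, _DUMMY)
        match = hmac.compare_digest(_hash(password, salt), stored)
        if match and username in USERS:
            self.fails.pop(key, None)
            return (200, "Welcome.")
        self.fails[key].append(self.clock())
        return (401, GENERIC_ERROR)
```

A per-pair throttle still lets a distributed attacker make guesses from many addresses, so it is normally combined with a global failure-rate alarm and with bounded storage for the failure table.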



How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:


  •     unusually slow network performance (opening files or accessing websites)

  •     unavailability of a particular website

  •     inability to access any website

  •    dramatic increase in the amount of spam you receive in your account


How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:


  •     Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).

  •     Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).

  •     Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.





Saturday, 16 March 2013

How to share folder in Backtrack 5 R3 to make accessible in Windows


1. Open your terminal (CTRL+ALT+T) and then run this command to create a new directory "share".

mkdir /var/www/share 

2. Change the mode of the share folder to 755.

chmod -R 755 /var/www/share/ 


3. Change the ownership of that folder to www-data.

chown -R www-data:www-data /var/www/share/

5. Okay, everything is set up correctly up to this step. The next step is to activate the Apache server by running the service apache2 start command:

root@bt:~# service apache2 start 
* Starting web server apache2

If you don't have apache2 installed, run the apt-get install apache2 command.


Web Jacking Attack

Web Jacking Attack Method

 

The Web Jacking Attack Vector is another phishing technique that can be used in social engineering engagements. Attackers using this method create a fake website, and when the victim opens the link, a page appears with a message that the website has moved and that they need to click another link. If the victim clicks the link, which looks real, he will be redirected to a fake page.


The Social-Engineer Toolkit (SET) already includes this kind of attack, so we are going to use SET to implement this method. We open SET and select option 2, which is the Website Attack Vectors.

We will see a list of the available web attack methods. The attack that we are going to use is of course the Web Jacking Attack, so we select option number 6.

In the next menu we have 3 options:

  •     Web Templates

  •     Site Cloner

  •     Custom Import




We will select the site cloner in order to clone the website of our interest. Remember that this type of attack works with the credential harvester method, so we need to choose a website that has username and password fields in order for the attack to succeed. For this scenario, as you can see in the image below, we have chosen to clone Facebook because of its popularity.


Now it is time to send the link with our IP address to the victim. Let's see what the victim will see if he opens the link.


As you can see, a message will appear informing the user that the website has moved to a new location. The link in the message seems valid, so any unsuspecting user will click on it. At that point a new page will load into the victim's browser; it is fake and is running on our web server.
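From the defender's side, the "site has moved" page can be checked for links whose visible text names one host while the click leads somewhere else. The following is an added example, not part of the original post or of SET: it flags a host mismatch between link text and href, and, as an assumption of this example, treats a click handler on a URL-looking link as a second signal. The sample page is constructed and uses documentation addresses only.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that looks like a URL or a bare hostname.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _norm(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    """Collect anchors whose visible text names a host the click may not reach."""
    def __init__(self):
        super().__init__()
        self.findings, self._attrs, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._attrs, self._text = dict(attrs), []

    def handle_data(self, data):
        if self._attrs is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._attrs is None:
            return
        text = "".join(self._text).strip()
        shown = HOST_RE.search(text)
        href_host = _norm(urlparse(self._attrs.get("href") or "").hostname)
        if shown and href_host and href_host != _norm(shown.group(1)):
            self.findings.append(("host-mismatch", text, href_host))
        elif shown and "onclick" in self._attrs:
            # Script can change the destination after the user checks the link.
            self.findings.append(("scripted-click", text, href_host))
        self._attrs = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page.
SAMPLE = """
<p>This site has moved. <a href="http://192.0.2.10/">https://www.example.com/</a></p>
<p><a href="https://www.example.com/login" onclick="go()">https://www.example.com/login</a></p>
<p><a href="https://www.example.com/help">Help</a> <a href="/about">www.example.com</a></p>
"""
```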


If the victim enters his credentials into the fake Facebook page, which looks like the real one, then we will be able to capture his username and password. The next image shows that: