
Anonymous DDOS Tools 2016

Liron Segal, 2016-01-06

In February 2016, the hacktivist group Anonymous published a hacktivist message in a video posted on YouTube. The
video contains detailed examples of uses for various DDoS tools, and the video description contains a link to a zip file
containing these tools.

Screenshot from the Anonymous DDOS Tools 2016 video on YouTube.

2016 Tools Bundle


A substantial number of DDoS tools (20, in fact) are included in this bundle. All of them are easy to use and have nice GUI
menus. It's not necessary to have any understanding of how the attacks actually work in order to operate the tools. This
makes them very appealing to lay persons with little understanding of computer networking.

Screenshot from the video of multiple attack tools in use at once.

Most of the tools offer similar DDoS attack types (mostly HTTP, TCP, and UDP floods), but there is some interesting
differentiation. For example, some tools offer more Layer 7 attack granularity, while providing the attacker control of the
attacked URL path and parameters and also supporting POST floods. Other tools are focused on a single attack type,
such as "Anonymous Ping Attack" and "Pringle DDOS", which only have ICMP flood capability.

Screenshot of Pringle DDoS - a simple ICMP flooder

If an attacker wants to launch a powerful Low and Slow DDoS attack, surprisingly he or she will find only a single tool in
this bundle, the well-known Slowloris.pl Perl tool, which is not authored by Anonymous at all. R.U.D.Y and other slow
POST tools are noticeably missing from this bundle.

Another group of tools provides some evasions, such as support for sending requests with different User-Agent and
Referer headers. For example, the UnKnown DoSer, a Layer 7 flooder, even supports randomization of URL, User-Agent,
and the Content-Length values in order to bypass hard-coded attack signatures.

Screenshot of UnKnown DoSer - a Layer 7 flooder, with request randomization capability

Screenshot of UnKnown DoSer attack traffic, demonstrating fields randomization

Can't get enough of LOIC


Low Orbit Ion Cannon-based (LOIC-based) tools are prominent in this bundle of DDoS tools: LOIC, JavaLOIC,
LOIC-IFC, LOIC-SD and NewLOIC. LOIC was notoriously known as the main attack delivery tool used in several Anonymous
operations such as Operation Payback, Operation Chanology and more. Being Java-based, JavaLOIC is a
cross-platform tool with a built-in proxy feature that enables an attacker to hide his or her own IP address.

Some Anonymous sub-groups localize and re-brand the LOIC tool. LOIC-SD was first published by a Brazilian hacker
group called Script Defenders and is mainly designed to overcome a language barrier by translating LOIC's user interface
into Portuguese.

Script Defenders variant of LOIC

The "Indonesia Fighter Cyber" hacking group created LOIC-IFC, which differs only in the default TCP/UDP flood
message saying, "Merdeka atau Mati", which means "Freedom or Death" in Malay. From a technical perspective, it
provides additional ability to append random characters to the attacked URL in case of HTTP flood, and to the packet
payload in case of TCP/UDP.
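A defender-side sketch of why the randomization described for UnKnown DoSer and LOIC-IFC defeats fixed-string signatures but not per-source behavioural checks. This is an added example, not code from the article or from F5; the record layout, thresholds, reason strings and the assumption that the random characters land in the query string are illustrative, and the sample traffic is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def flag_randomizing_sources(records, window=10, min_requests=20, churn=0.8):
    """records: iterable of (epoch_second, src_ip, url, user_agent).

    Returns {src_ip: sorted reasons} for sources whose requests inside one
    time window show header or URL churn. All thresholds are assumptions.
    """
    buckets = defaultdict(list)
    for ts, ip, url, ua in records:
        buckets[(ip, ts // window)].append((url, ua))

    flagged = defaultdict(set)
    for (ip, _), reqs in buckets.items():
        n = len(reqs)
        if n < min_requests:  # too few requests in this window to judge
            continue
        urls = {u for u, _ in reqs}
        paths = {urlsplit(u).path for u in urls}
        agents = {a for _, a in reqs}
        # A single client rarely presents a new User-Agent on almost every request.
        if len(agents) / n >= churn:
            flagged[ip].add("user-agent churn")
        # Nearly every URL is unique, yet they collapse to one or two paths
        # once the query string is dropped: random padding on one resource.
        if len(urls) / n >= churn and len(paths) <= 2:
            flagged[ip].add("url churn on one resource")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}


def sample_records():
    """Constructed sample traffic, not captured from any real tool."""
    recs = []
    for i in range(30):
        # Source that varies both URL and User-Agent on every request.
        recs.append((100 + i % 3, "192.0.2.10", f"/search?q={i:04x}", f"Agent-{i}/1.0"))
        # Busy but ordinary client: one User-Agent, many different static assets.
        recs.append((100 + i % 3, "192.0.2.20", f"/img/{i}.png", "Mozilla/5.0 (X11; Linux x86_64)"))
    # Low-volume visitor, below the evaluation threshold.
    recs += [(100 + i, "192.0.2.30", "/", "Mozilla/5.0 (Windows NT 10.0)") for i in range(3)]
    return recs


if __name__ == "__main__":
    print(flag_randomizing_sources(sample_records()))
```

Sources behind a shared NAT or forward proxy legitimately present many User-Agents, so a hit is better treated as a candidate for rate limiting or a challenge than as an automatic block.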

Another LOIC-modified tool included in this bundle is NewLOIC, which, despite its name, offers no new functionality,
only a new GUI design.

Anonymous still considers LOIC and its various versions to be meaningful tools in its DDoS arsenal. In fact, a quarter of
the tools included in this bundle are LOIC-based tools, despite the risk of exposing the attacker's IP address by using
these tools.

DDoS Tools Features Comparison


Some of the DDoS tools known to be used by Anonymous aren't included in the published bundle. R.U.D.Y,
keep-dead.php, TORsHammer, THC-SSL-DOS, #Refref, and AnonStress are just some of the known tools that don't appear
here. Attack tools that use proxies in order to protect the identity of their users also seem to be missing in this bundle,
which makes potential Anonymous new recruits vulnerable to detection and prosecution.

Even so, Anonymous continues to strengthen its presence. By regularly publishing a variety of simple-to-use tools, the
group makes DDoS attacks more accessible and easy to perpetrate, with the obvious goal of recruiting more users to
support its hacktivist operations. Although not a single tool in the bundle is new, the group continues to terrorize the
world with every successful DDoS operation.

Mitigating The Threat


F5 mitigates a wide range of DDoS attacks, including those generated by Anonymous tools, using its unique
combination of innovative security products and services.
F5's DDoS Protection solution protects the fundamental elements of an application (network, DNS, SSL, and HTTP)
against distributed denial-of-service attacks. Leveraging the intrinsic security capabilities of intelligent traffic management
and application delivery, F5 protects and ensures availability of an organization's network and application infrastructure
under the most demanding conditions.
F5 Networks, Inc. | 401 Elliot Avenue West, Seattle, WA 98119 | 888-882-4447 | f5.com
