LOIC or Low Orbit Ionic Cannon is a famous or rather infamous open source network stressing tool which it's intended use is for network and systems administrators to test how their system performs under large, dynamic network loads.

I found the project here on GitHub and saw there was an open call for more attack methods to be added so I thought I would try my hand at adding an ICMP ping flood method as LOIC was programmed in C# which I'm quite familiar with.

I chose to use an ICMP ping flood method as it seemed relatively easy to construct and it had not yet been added to the program so adding it would give network admins an extra bit of testing capability for this type of attack.

This was the first major project I was going to contribute to on GitHub and from this project I learnt

  • How to better understand someone else's code
  • How to do version control on GitHub
  • Network protocol programming within C#
  • How to test if a network operation is being successfully carried out

Figuring out how it works

The first step of coming onto a program this large was figuring out how everything fit together, As I was a Github newbie and a bit timid in asking the author how everything fit together, I set upon myself to simply delve into the source code and piece together every file. As LOIC contains over 128 files when downloaded as source I decided the best place to start as always was the main form.


From the main form there is a wealth of functionality, text boxes, drop down menus, images and tick boxes. I thought there was no better place to start than the big red or blue in this case attack button with"IMMA CHARGIN MAH LAZER" scrawled over it.

Using the handy F12, go to definition button I followed the method that the button called until I came across this block of code.

The above block of code initialises IFlooder objects under the variable name "Ts" depending on the protocol of attack selected by the user, within a for loop for the number of threads selected.

I knew in order to add my method to the code I would have to develop my own attack object and include a class constructor for the ICMP attack object (which is the constructor called in the image above)

After the object has been created ts.start is called and the object is added to the list of ts objects.

In order to find the best way to code my method I peeked at the methods that already existed within the program and found the majority of them were written in a cs file called cHLDos.cs in which I found a couple of consistent standards that I wanted to adhere as closely as possible to such as:

  • Instantiate a background worker with each object created.
  • Using methods for each background worker that have to be called "Start" and "Stop" in order to allow the main program to control the object.
  • Inherit from cHLDos so that a property called "State" can be used with each object created using the class.
  • Update the State property at every stage along the process so that the user has an idea about how effectively the attack is going.

I used the SlowLOIC method as  a rough template for my own class as I knew there would be little chance of having an inter-program error or breach good coding practises for this project if my class closely resembled a class already written.

Following the documentation available from microsoft for the ping sender objectI set about creating a constructor class that would

  • Construct a ping sender object based on the arguments entered in the UI and the ping options object
  • Construct a ping options object with a maximum TTL and fragmentation set to true if append random chars is also true
  • Send a ping asynchronously with either no data in the buffer or a random amount of data in the buffer.
  • If the random data buffer is selected then generate between 1 and 64999 random character bytes to be appended to the message
  • Cancel the "wait for reply function" as soon as the ping is sent.
  • dispose of the ping sender's resources so that memory is kept available.
  • Reuse the same ping sender object for the number of pings per thread selected.
  • Update the "State" at each stage to give the user a visible output.

The idea is that each one of the objects created loops through the cycle of sending pings on their own thread to truly asynchronously send ICMP pings to the target.

You can see the code I added at the bottom of the cHLDos.cs file here.

Once the constructor has finished executing, the object returned will only start sending packets once ts.start is called for each ts object in the main program.

This initiates the background worker in each object created in order to run the ping senders asynchronously. (and of course stopping when ts.stop is called). The number of objects created is dependent on the number of threads the user selects at the start as each background worker occupies one thread.

Once I added this code to my copy on Git and added some jiggery-pokery with the UI so that the user could select my method I tested it with wireshark and saw a wall of ICMP requests coming from my NIC which proves it works 🙂

I did some final bug testing to ensure that there were no data values that could be entered and submitted my pull request to the original author, NewEraCracker who was an awesome help with my first project.

I learnt very quickly I had messed up the additions/subtractions of the code and it was appearing on GitHub that I'd wrote every single file which was incorrect. So in order to fix these whitespace edits I just simply rebranched from the original master and added my changes on top of my copy using the GitHub Desktop Client.

After some review by the original author my code was merged (with some changes, incl. making my random function thread-safe)) which I'm really thankful for and glad that my work paid off.

I hope to contribute further to LOIC in the future and I'm more than ready to help with other projects on GitHub now that I've had my first real experience with version control (and learnt from my mistakes!).