March 12, 2012

Reviewing HOIC: A New Anonymous DDoS Tool

According to a recent article, there's a new a DDoS tool from Anonymous called high-orbit ion canon or HOIC (click image to BIGGIFY):


The claim is this:  LOIC did TCP, UDP and HTTP flooding, but HOIC focuses on HTTP only. HOIC includes a new feature called 'boosters' which are files you download or add to an attack machine which enables the attacker to manipulate headers such as language, referrer, host, etc.  This new feature is designed to bypass signature based systems by using a lot of different headers. Additionally, HOIC is supposedly faster. 

But is it really an improvement?  Overall, not really.  There are several reasons:

  • Problem 1:  HOIC seems like a step backwards in terms of usability as it requires client side installation and complex configuration files. LOIC offered the ability for people with limited technical skills to perform DDoS--definitely not the case with HOIC.
  • Problem 2: HOIC is indeed HTTP focused. However, HTTP flood is inherently slower than UDP flood and simple TCP flood.
  • Problem 3:  Just writing in the tool's description "HOIC is faster" does not make it faster and certainly does not explain why.  As they say in the automobile industry:  you can't judge until the rubber hits the road.
  • Problem 4: The "boosters" are nothing but configuration files that just allows broader targeting. HOIC could allow you to diversity DDoS attack, but mostly for pretty sophisticated users.  But as we point out in bullet #2 above, are you really gaining more in firepower?


Authors & Topics:

Share on LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.