Reviewing HOIC: A New Anonymous DDoS Tool
According to a recent article, there's a new a DDoS tool from Anonymous called high-orbit ion canon or HOIC (click image to BIGGIFY):
The claim is this: LOIC did TCP, UDP and HTTP flooding, but HOIC focuses on HTTP only. HOIC includes a new feature called 'boosters' which are files you download or add to an attack machine which enables the attacker to manipulate headers such as language, referrer, host, etc. This new feature is designed to bypass signature based systems by using a lot of different headers. Additionally, HOIC is supposedly faster.
But is it really an improvement? Overall, not really. There are several reasons:
- Problem 1: HOIC seems like a step backwards in terms of usability as it requires client side installation and complex configuration files. LOIC offered the ability for people with limited technical skills to perform DDoS--definitely not the case with HOIC.
- Problem 2: HOIC is indeed HTTP focused. However, HTTP flood is inherently slower than UDP flood and simple TCP flood.
- Problem 3: Just writing in the tool's description "HOIC is faster" does not make it faster and certainly does not explain why. As they say in the automobile industry: you can't judge until the rubber hits the road.
- Problem 4: The "boosters" are nothing but configuration files that just allows broader targeting. HOIC could allow you to diversity DDoS attack, but mostly for pretty sophisticated users. But as we point out in bullet #2 above, are you really gaining more in firepower?
Authors & Topics: