High Orbit Ion Cannon

Source: Wikipedia, the free encyclopedia.
High Orbit Ion Cannon
Size1.8 MB
Available inEnglish
TypeNetwork stress-testing
LicensePublic domain
Websitesourceforge.net/projects/high-orbit-ion-cannon/

High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.[1][2]

Development

HOIC was developed during the conclusion of

HTTP headers of attacking computers, allowing thousands upon thousands of highly randomized combinations for user agents.[8] Apart from allowing user agents to implement some form of randomization countermeasures the booster files can and have been used to increase the magnitude of the attack.[9]

Nomenclature

HOIC and its predecessor, the

Command & Conquer series of video games are considered to be the inspiration for the graphics on the software's GUI and website.[10]

Use

Simply described, HOIC is a program for sending

VB .NET syntax. In addition, HOIC can simultaneously attack up to 256 domains, making it one of the most versatile tools for hackers who are attempting to co-ordinate DDoS attacks as a group.[12]

The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, and set the power option on low, medium or high. The power option sets the request velocity with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added which uses .hoic extension to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled as "Fire Teh Lazer".[13]

High Orbit Ion Cannon's interface for targeting a website for stressing

Limitations

The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.[8] Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as TOR are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the TOR network will actually harm the network itself.[11] However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have less internet privacy laws than the rest of the world.[11][14]

Legality

Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted.[15]

HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The

Department of Justice under USC Title 18, Section 1030.[18]

In 2013,

Anonymous petitioned the United States government via We the People, demanding that DDoS attacks be recognized as a form of virtual protest similar to Occupy protests.[19]

Countermeasures

intrusion prevention system (IPS) and intrusion detection system (IDS) devices and application software.[20]

First use in attacks

FBI was hit repeatedly before it ultimately succumbed to attacks and acquired a “Tango Down” status. Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack.[23][24]

See also

References

  1. ^ "High Orbit Ion Cannon (HOIC) Threat Advisory". stateoftheinternet.com. 23 February 2012. Retrieved 18 April 2015.
  2. PRWeb
    .
  3. ^ "Definition of HOIC". radware.com. 2012-09-27. Retrieved 2015-04-18.
  4. ^ Curtis, Sophie (27 January 2015). "Who are the most notorious hacking groups?". Retrieved 18 April 2015.
  5. ^ Bonner, Sean (9 December 2010). "Anonymous Stops Drop". Boing Boing. Retrieved 18 April 2015.
  6. ^ "What is HOIC". Sam Biddle. 18 February 2012. Retrieved 18 April 2015.
  7. ^ Schreier, Jason (31 December 2014). "How DDoS Attacks Work, And Why They're So Hard To Stop". Kotaku. Gawker Media. Retrieved 18 April 2015.
  8. ^ a b "Threat: High Orbit Ion Cannon v2.1.003" (PDF) (Press release). Prolexic Technologies. 16 February 2012. Retrieved 6 April 2015.
  9. ^ Gates, Stephen (15 May 2013). "DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION" (PDF). RSA Conference. Retrieved 18 April 2015.
  10. Archive.org
    .
  11. ^ a b c Gallagher, Sean (16 February 2012). "High Orbits and Slowlorises: understanding the Anonymous attack tools". Ars Technica. Condé Nast. Retrieved 6 April 2015.
  12. ^ "Glimpse into some hacking techniques". Avkash K. 2012-03-15. Retrieved 2015-04-18.
  13. ISBN 978-1-118-41705-8
    .
  14. ^ "Online Privacy Law: Sweden". Law Library of Congress. Retrieved 18 April 2015.
  15. ^ "Hackers' kit bag: the tools that terrorise the internet". James H. Hamlyn-Harris. 2015-03-09. Retrieved 2015-04-18.
  16. ^ Espiner, Tom (November 10, 2006). "U.K. outlaws denial-of-service attacks". CNET News
  17. ^ "US charges 13 Anonymous members for DDoS attacks". PCWorld. 2013-08-16. Retrieved 2016-02-29.
  18. ^ "United States Code: Title 18,1030. Fraud and related activity in connection with computers | Government Printing Office". www.gpo.gov. 2002-10-25. Retrieved 2015-04-18.
  19. ^ Jauregui, Andres (2013-01-12). "Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest". Huffington Post.
  20. ^ "High Orbit Ion Cannon Distributed Denial of Service Tools". Cisco. 2012-02-16. Retrieved 2015-04-18.
  21. ^ Segall, Laurie (January 20, 2012). "Anonymous strikes back after feds shut down piracy hub Megaupload". CNN. Retrieved 18 April 2015.
  22. ^ Vaughan-Nichols, Steven J. (January 20, 2012). "How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites". zdnet.com. Retrieved 18 April 2015.
  23. ^ "Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure". Sofpedia. Retrieved 18 April 2015.
  24. ^ Kovacs, Eduard (January 20, 2012). "27,000 Computers Participating in OpMegaupload DDoS Attack (Exclusive)". Softpedia. Retrieved 18 April 2015.

External links

Wikimedia Commons has media related to High Orbit Ion Cannon.
Retrieved from "https://en.wikipedia.org/w/index.php?title=High_Orbit_Ion_Cannon&oldid=1225030896"