High Orbit Ion Cannon
OS X, Linux[citation needed] | |
Size | 1.8 MB |
---|---|
Available in | English |
Type | Network stress-testing |
License | Public domain |
Website | sourceforge |
High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.[1][2]
Development
HOIC was developed during the conclusion of
Nomenclature
HOIC and its predecessor, the
Use
Simply described, HOIC is a program for sending
The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, and set the power option on low, medium or high. The power option sets the request velocity with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added which uses .hoic extension to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled as "Fire Teh Lazer".[13]
![](http://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/HOIC_TARGET.png/220px-HOIC_TARGET.png)
Limitations
The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.[8] Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as TOR are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the TOR network will actually harm the network itself.[11] However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have less internet privacy laws than the rest of the world.[11][14]
Legality
Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted.[15]
HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The
In 2013,
Countermeasures
First use in attacks
See also
- Anonymous (group)
- Application layer DDoS attack
- DDoS mitigation
- Denial-of-service attack
- DoSnet
- Fork bomb
- Hit-and-run DDoS
- Infinite loop
- Low Orbit Ion Cannon
- Operation Leakspin
- Operation Payback
- ReDoS
References
- ^ "High Orbit Ion Cannon (HOIC) Threat Advisory". stateoftheinternet.com. 23 February 2012. Retrieved 18 April 2015.
- PRWeb.
- ^ "Definition of HOIC". radware.com. 2012-09-27. Retrieved 2015-04-18.
- ^ Curtis, Sophie (27 January 2015). "Who are the most notorious hacking groups?". Retrieved 18 April 2015.
- ^ Bonner, Sean (9 December 2010). "Anonymous Stops Drop". Boing Boing. Retrieved 18 April 2015.
- ^ "What is HOIC". Sam Biddle. 18 February 2012. Retrieved 18 April 2015.
- ^ Schreier, Jason (31 December 2014). "How DDoS Attacks Work, And Why They're So Hard To Stop". Kotaku. Gawker Media. Retrieved 18 April 2015.
- ^ a b "Threat: High Orbit Ion Cannon v2.1.003" (PDF) (Press release). Prolexic Technologies. 16 February 2012. Retrieved 6 April 2015.
- ^ Gates, Stephen (15 May 2013). "DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION" (PDF). RSA Conference. Retrieved 18 April 2015.
- Archive.org.
- ^ a b c Gallagher, Sean (16 February 2012). "High Orbits and Slowlorises: understanding the Anonymous attack tools". Ars Technica. Condé Nast. Retrieved 6 April 2015.
- ^ "Glimpse into some hacking techniques". Avkash K. 2012-03-15. Retrieved 2015-04-18.
- ISBN 978-1-118-41705-8.
- ^ "Online Privacy Law: Sweden". Law Library of Congress. Retrieved 18 April 2015.
- ^ "Hackers' kit bag: the tools that terrorise the internet". James H. Hamlyn-Harris. 2015-03-09. Retrieved 2015-04-18.
- ^ Espiner, Tom (November 10, 2006). "U.K. outlaws denial-of-service attacks". CNET News
- ^ "US charges 13 Anonymous members for DDoS attacks". PCWorld. 2013-08-16. Retrieved 2016-02-29.
- ^ "United States Code: Title 18,1030. Fraud and related activity in connection with computers | Government Printing Office". www.gpo.gov. 2002-10-25. Retrieved 2015-04-18.
- ^ Jauregui, Andres (2013-01-12). "Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest". Huffington Post.
- ^ "High Orbit Ion Cannon Distributed Denial of Service Tools". Cisco. 2012-02-16. Retrieved 2015-04-18.
- ^ Segall, Laurie (January 20, 2012). "Anonymous strikes back after feds shut down piracy hub Megaupload". CNN. Retrieved 18 April 2015.
- ^ Vaughan-Nichols, Steven J. (January 20, 2012). "How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites". zdnet.com. Retrieved 18 April 2015.
- ^ "Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure". Sofpedia. Retrieved 18 April 2015.
- ^ Kovacs, Eduard (January 20, 2012). "27,000 Computers Participating in OpMegaupload DDoS Attack (Exclusive)". Softpedia. Retrieved 18 April 2015.
External links
![](http://upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/30px-Commons-logo.svg.png)