A new DDoS tool from Anonymous called High Orbit Ion Cannon, or HOIC, has come to light. Attackers are constantly changing their tactics and tools in response to defenders' actions. HOIC is a Windows executable file. Once started, it presents a GUI screen. If the attacker clicks on the + sign under TARGETS, they get another pop-up box where they can specify target data.
When you click on the + button, a new window opens where you can specify the following things:
- URL: the target website to attack.
- Power: sets the request velocity.
- Booster: config scripts that define the dynamic request attributes.

To launch the attack, click on the "FIRE TEH LAZER!" button.
The claim is this: LOIC did TCP, UDP and HTTP flooding, but HOIC focuses on HTTP only. HOIC includes a new feature called 'boosters', which are files you download or add to an attack machine that enable the attacker to manipulate headers such as language, referrer, host, etc. This new feature is designed to bypass signature-based systems by using a lot of different headers. Additionally, HOIC is supposedly faster. But is it really an improvement? Overall, not really. There are several reasons:
Problem 1: HOIC seems like a step backwards in terms of usability, as it requires client-side installation and complex configuration files. LOIC offered the ability for people with limited technical skills to perform DDoS--definitely not the case with HOIC.
Problem 2: HOIC is indeed HTTP focused. However, HTTP flood is inherently slower than UDP flood and simple TCP flood.
Problem 3: Just writing in the tool's description "HOIC is faster" does not make it faster and certainly does not explain why. As they say in the automobile industry: you can't judge until the rubber hits the road.
Problem 4: The "boosters" are nothing but configuration files that just allow broader targeting. HOIC could allow you to diversify a DDoS attack, but mostly for pretty sophisticated users. But as we point out in Problem 2 above, are you really gaining more in firepower?
The high orbit ion cannon has the following features:
- High-speed multi-threaded HTTP Flood
- Simultaneously flood up to 256 websites at once
- Built-in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS countermeasures and increase DoS output.
- Easy to use interface
- Can be ported over to Linux/Mac with a few bug fixes (I do not have either system so I do
- Ability to select the number of threads in an ongoing attack
- Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH
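
Because boosters vary request headers to get past signature-based systems, a defender can key detection on the source's behaviour instead of on header content. The following is an added example, not code from the original page or from any tool it describes: it scans web server access logs for sources that exceed a request rate or rotate User-Agent values within a short window. It assumes Combined Log Format; the function names, thresholds, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')

def flag_sources(lines, window_s=10, max_requests=20, max_agents=3):
    """Return {ip: reason} for sources that exceed a per-window request rate
    or present many distinct User-Agent values inside one window.
    Thresholds are illustrative assumptions; tune them against real traffic."""
    recent = defaultdict(deque)           # ip -> deque of (timestamp, user_agent)
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        ip, ts, _referer, agent = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((when, agent))
        while when - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                   # drop entries that left the window
        agents = {a for _, a in q}
        if len(q) > max_requests:
            flagged[ip] = "rate"          # rate verdict overrides header churn
        elif len(agents) > max_agents and ip not in flagged:
            flagged[ip] = "header-churn"
    return flagged

def sample_log():
    """Constructed sample: one noisy source rotating headers, one normal client."""
    agents = ["UA-%d" % i for i in range(8)]
    lines = []
    for i in range(40):                   # 40 requests in 4 seconds, rotating UA/referer
        lines.append('198.51.100.7 - - [01/Jan/2024:12:00:%02d +0000] "GET / HTTP/1.1" '
                     '200 512 "http://ref%d.example/" "%s"' % (i // 10, i % 5, agents[i % 8]))
    for i in range(5):                    # 5 requests spread over 50 seconds
        lines.append('203.0.113.9 - - [01/Jan/2024:12:00:%02d +0000] "GET /a HTTP/1.1" '
                     '200 512 "-" "Mozilla/5.0"' % (i * 10))
    return lines

if __name__ == "__main__":
    print(flag_sources(sample_log()))
```

Neither check inspects what the headers say, so rotating their values does not change the rate verdict, and the rotation itself becomes the second signal.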