The other is web-based LOIC or JS LOIC.įigure 1: Original LOIC About the original LOIC tool There are 2 versions of the tool: the first is the binary version, which is the original LOIC tool. In this brief article, I will give an overview and operational model of the tool.
The group not only used this tool, but also requested that others download it and join Anonymous attacks via IRC. This tool was also the weapon of choice implemented by the (in)famous hacker group, Anonymous, who have claimed responsibility for many high profile hacking attacks, among them, hacks against Sony, the FBI and other US security agencies. It has become widely used, including in some highly-publicized attacks against the PayPal, Mastercard and Visa servers a few months back.
If you follow news related to hacking and security issues, you doubtless have been hearing about this tool for the past several months.
Since there is no JavaScript version, you are also safe from having it injected as a result of Cross-site scripting.A LOIC (Low Orbit Ion Cannon) is one of the most powerful DOS attacking tools freely available.
Luckily, due to the limited capabilities of HOIC, it cannot be effectively installed and used on your web server as a result of an attack (for example, command injection, code injection or SQL Injection). Such clouds have the means to protect your website: not only the tools but the sheer bandwidth capabilities. That is why many companies choose major virtual clouds to host their websites. However, no locally installed tool is as useful in protecting against DDoS attacks as a good infrastructure that can handle a lot of requests. The best bet to protect yourself are intrusion detection systems (IDS) or intrusion prevention systems (IPS). Since HOIC randomizes headers, web application firewalls (WAF) may have problems detecting such attacks. How Can I Protect Myself Against HOIC?Įven a website with no vulnerabilities may become a victim of a HOIC attack, so web/network vulnerability scanners cannot be used to protect against them. HOIC was used by Anonymous for attacks on the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and the US Department of Justice (in retaliation for closing the file-sharing website Megaupload). It is said that 50 HOIC users are enough to perform a major DDoS attack. It works in GUI mode only so it cannot be used as a zombie. It is designed as a standalone application and has limited coordination capabilities. HOIC is much stronger than LOIC but lacks certain features of its predecessor. This makes DoS detection much more difficult but is still not enough to anonymize the attacker. These custom scripts randomize headers such as the user-agent and introduce multiple attack targets (e.g. Its key feature is the ability to use booster scripts to increase DoS output. It can attack up to 256 domains simultaneously using a large number of threads. It sends HTTP POST and HTTP GET requests. The HOIC is more advanced than LOIC and designed to work using HTTP floods only (unlike LOIC that also uses TCP/UDP floods).
Names of both LOIC and HOIC were inspired by weapons used in video games.
The tool is available only for Windows but it can be ported to Linux and Mac. It was developed by the hacktivist collective Anonymous as a conclusion of Operation Payback. It is the successor of the Low Orbit Ion Cannon (LOIC) application. It is most often used by hacktivists as an attack tool for denial of service (DoS) and distributed denial of service (DDoS) attacks. The High Orbit Ion Cannon (HOIC) is an open source network stress testing application available on.