User:Rafflesng/sandbox

Use
HOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by sending excessive traffic in an attempt to overload the site and bring it down. The HOIC uses “Boosters” (custom scripts) to target more than just a website’s home page. An unauthenticated, remote attacker using the HOIC could send traffic to a targeted URL in an attempt to overload the targeted website, resulting in a denial of service condition. In addition, the HOIC can target up to 256 web addresses simultaneously, making this tool a powerful resource for hackers who are attempting to conduct DDoS attacks.

Features
HOIC includes a high-speed multi-threaded HTTP flooding, allowing users to simultaneously flood up to multiple websites at once. The usage of “Boosters” to handle DDoS countermeasures and increase DoS output. HOIC could also generate multiple HTTP Header to create the genuine traffic flow scenario.

HOIC is essentially a simple script for launching HTTP POST and GET requests at a targeted server, wrapped in a friendly graphical interface.

Limitations
HOIC requires a coordinated group of users to ensure that the attacks are successful. Without group participation, an attack is unlikely to result in the target’s downtime.

Although HOIC attempts to evade detection through randomization, analysts were able to identify several static attributes that make mitigation of attacks from this tool a fairly simple process.

Freely available anonymizing networks generally aren’t up to the task of handling the bandwidth of attacks. Attempting to launch HOIC or other DDoS tools over Tor would amount to an attack on that network itself—and on the users who use it to protect themselves.

Countermeasures
There are several aspects of DDoS mitigation that administrators need to be aware of to be able effectively combat this potentially dangerous attack tool. A number of vendors are offering "DDoS resistant" hosting services, mostly based on techniques similar to content distribution networks. Distribution avoids single point of congestion and prevents the DDoS attack from concentrating on a single target.

In addition to using a solid firewall strategy, administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent DDoS attacks.

Attack on the Justice Department
The HOIC was first utilized by the hacking group, Anonymous, when they launched a cyber attack on the website of the US Department of Justice in retaliation to the crackdown of the files sharing website, Megaupload, by federal agents.

It didn’t stop here. Over the course of a few hours, hacktivists involved with the loose knit group Anonymous waged attacks on site after site, and before long, the web presence for the Recording Industry Association of America (RIAA), Motion Picture Association of America (MPAA), Broadcast Music, Inc., or BMI, and finally FBI were down.

Anonymous calls it the single largest Internet attack in its history, after crippling some of the biggest sites of the US government.

Origin of name
The HOIC application is adapted from its predecessor, the LOIC, named after the ion cannon, a fictional weapon from many sci-fi works, and in particular after its name sake from the Command & Conquer series of video games.