HOIC was designed to improve upon several LOIC application flaws, including:
Detection – HOIC uses booster scripts that let perpetrators scatter attack traffic and hide their geolocation. This differs from LOIC, which isn’t capable of obfuscating attacker IP addresses.
Firepower – An individual HOIC user can launch a significant number of junk requests at a given time; as few as 50 perpetrators can execute a successful DDoS attack. This differs from LOIC, which requires thousands of users to coordinate and launch an attack.
Widespread HOIC availability means that users having limited knowledge and experience can execute potentially significant DDoS attacks. The application can open up to 256 simultaneous attack sessions at once, bringing down a target system by sending a continuous stream of junk traffic until legitimate requests are no longer able to be processed.
Unlike LOIC, which is able to launch TCP, UDP and HTTP GET floods, HOIC conducts attacks based solely on HTTP GET and POST requests.
Add-on scripts called boosters—not available in the LOIC application—can greatly increase attack magnitude. Boosters also let HOIC users customize the application and randomize assaults in order to circumvent caching mechanisms that protect servers from traffic spikes.
Despite booster use, the attack traffic amount generated by HOIC is still not enough for a single user to take down a target system. A successful DDoS assault can only be launched when a team of perpetrators operate HOIC simultaneously. A high degree of coordination is required among several users.
Methods of mitigation
HOIC’s deceptive and variation techniques make it more difficult for traditional security tools and firewalls to pinpoint and block DDoS attacks.