DDOS: High Orbit Ion Cannon (HOIC) HTTP Request
This signature detects the behavior of the High Orbit Ion Cannon (HOIC) packet flooding tool. Attackers can use this tool to send extremely large amounts of packets over the network to attempt to overwhelm a target. When used collectively from multiple sources, a Distributed Denial of Service (DDoS) can occur. A bug in some proxy servers can also trigger this signature. Therefore, this signature should only be used to protect your web servers from attacks from the Internet, and not to monitor out-bound traffic from your end-users, especially if the users are behind a proxy.
Short Name
DDOS:HOIC-HTTP-METHOD
Severity
Major
Recommended
False
Recommended Action
None
Category
DDOS
Keywords
(HOIC) Cannon HTTP High Ion Orbit Request
Release Date
04/27/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally