What are DDoS Attacks?

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

📊 Attack Scale

The largest DDoS attacks have exceeded 2 terabits per second (Tbps), enough to take down major internet infrastructure and services.

How DDoS Attacks Work

Botnet Creation

Attackers compromise multiple devices to create a network of bots (botnet)

Command & Control

The attacker controls the botnet from a central command server

Attack Launch

All bots simultaneously send requests to the target, overwhelming its capacity

Service Disruption

Legitimate users cannot access the service due to resource exhaustion

Key Characteristics

DDoS vs DoS

  • Distributed: Comes from multiple sources simultaneously
  • Volume-based: Overwhelms bandwidth capacity
  • Protocol-based: Exploits network protocol weaknesses
  • Application-layer: Targets specific applications or services

Types of DDoS Attacks

Volume-Based Attacks

Overwhelm the bandwidth of the target site with massive amounts of traffic.

UDP Floods

Send large numbers of UDP packets to random ports

ICMP Floods

Overwhelm the target with ICMP Echo Request (ping) packets

DNS Amplification

Exploit DNS servers to amplify attack traffic

Protocol Attacks

Exploit weaknesses in network protocols to consume server resources.

SYN Floods

Exploit the TCP handshake process to exhaust connection tables with half-open connections

Ping of Death

Send malformed or oversized packets to crash systems

Slowloris

Open many connections to the target and hold each one open for as long as possible
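The two protocol attacks above leave visible traces in the server's own connection table: a SYN flood shows up as a pile of half-open (SYN-RECV) sockets on one port with almost no established ones, and a Slowloris-style attack as a single peer holding an unusual number of established connections. The following is an added example, not code from the original page; it parses a constructed snapshot laid out like `ss -tan` output and applies two assumed heuristics with illustrative thresholds (the threshold values are not tuned recommendations).

```python
"""Connection-table heuristics for protocol-layer floods (added example).

Parses a snapshot in the layout of `ss -tan` output and applies two simple,
assumed heuristics:
  * SYN flood: many half-open (SYN-RECV) sockets on one listening port,
    far outnumbering the established ones;
  * Slowloris-style: one peer holding an unusual number of established
    connections to the same port.
Thresholds are illustrative, not tuned values.
"""
from collections import Counter


def build_sample_snapshot() -> str:
    """Return a constructed snapshot (RFC 5737 documentation addresses)."""
    rows = [
        "State      Recv-Q Send-Q Local Address:Port  Peer Address:Port",
        "LISTEN     0      128    0.0.0.0:443         0.0.0.0:*",
        "LISTEN     0      128    0.0.0.0:80          0.0.0.0:*",
        "ESTAB      0      0      192.0.2.10:443      198.51.100.7:51234",
        "ESTAB      0      0      192.0.2.10:443      198.51.100.8:40112",
    ]
    # 40 half-open handshakes on 443, each from a different (likely spoofed) peer
    for i in range(40):
        rows.append(f"SYN-RECV   0      0      192.0.2.10:443      203.0.113.{i + 1}:1025")
    # one peer holding 8 established connections to port 80 (Slowloris-like)
    for i in range(8):
        rows.append(f"ESTAB      0      0      192.0.2.10:80       198.51.100.9:{50000 + i}")
    return "\n".join(rows) + "\n"


SAMPLE_SS_OUTPUT = build_sample_snapshot()


def parse_ss(text):
    """Yield (state, local_port, peer_ip) for every non-listening socket row."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] in ("State", "LISTEN"):
            continue  # header row or listening socket
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        conns.append((state, local_port, peer_ip))
    return conns


def syn_flood_indicators(conns, min_half_open=20, min_ratio=5.0):
    """Return {port: (half_open, established)} for ports that look SYN-flooded."""
    half_open = Counter(port for state, port, _ in conns if state == "SYN-RECV")
    established = Counter(port for state, port, _ in conns if state == "ESTAB")
    flagged = {}
    for port, n_half in half_open.items():
        n_est = established.get(port, 0)
        ratio = n_half / max(n_est, 1)  # avoid division by zero on a port with no ESTAB
        if n_half >= min_half_open and ratio >= min_ratio:
            flagged[port] = (n_half, n_est)
    return flagged


def per_source_connection_hogs(conns, max_per_source=5):
    """Return [(peer_ip, port, count)] for peers holding too many ESTAB sockets."""
    per_source = Counter((peer_ip, port) for state, port, peer_ip in conns if state == "ESTAB")
    hogs = [(ip, port, n) for (ip, port), n in per_source.items() if n > max_per_source]
    return sorted(hogs, key=lambda item: -item[2])


if __name__ == "__main__":
    conns = parse_ss(SAMPLE_SS_OUTPUT)
    print("SYN flood indicators:", syn_flood_indicators(conns))
    print("Connection hogs:", per_source_connection_hogs(conns))
```

On a real host the snapshot would come from `ss -tan` itself; a single snapshot is only a hint, so a monitoring job would sample repeatedly and alert on a sustained ratio rather than one reading.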

Application Layer Attacks

Target specific applications or services with seemingly legitimate requests.

HTTP Flood

Send large numbers of HTTP requests to overwhelm web servers

DNS Query Flood

Overwhelm DNS servers with legitimate-looking queries

Attack Motivations

Extortion

Demand payment to stop the attack (ransom DDoS)

Competitive Advantage

Disrupt competitors' online services

Hacktivism

Political or ideological motivations

Cyber Warfare

State-sponsored attacks against critical infrastructure

Diversion

Distract security teams while other attacks occur

Prevention and Mitigation

Technical Solutions

Protection Measures

  • DDoS protection services (Cloudflare, Akamai, AWS Shield)
  • Load balancers and content delivery networks (CDNs)
  • Rate limiting and traffic filtering
  • Network monitoring and anomaly detection
  • Redundant infrastructure and bandwidth
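Rate limiting, listed above, is the first line of defence against an HTTP flood: each client gets a budget of requests per time window, and anything over it is rejected before it reaches the application. The block below is an added example, not code from the original page; it applies a sliding-window limiter per source IP to constructed Combined Log Format lines, with an assumed budget of 10 requests per 10 seconds. In production the same logic would run in a reverse proxy or WAF rather than over a log file.

```python
"""Per-client sliding-window rate limiting over access-log lines (added example).

Each source IP may make at most `max_requests` requests in any trailing
`window_seconds` interval; excess requests are counted as blocked. Input is a
constructed log in Combined Log Format. Budget values are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def build_sample_log() -> str:
    """Constructed log: one bursting client and one well-behaved client."""
    base = datetime(2024, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    events = []
    # 203.0.113.9 sends 30 requests in 5 seconds (6 per second)
    for i in range(30):
        events.append((base + timedelta(seconds=i // 6), "203.0.113.9"))
    # 198.51.100.7 sends 5 requests spread over a minute
    for i in range(5):
        events.append((base + timedelta(seconds=12 * i), "198.51.100.7"))
    events.sort(key=lambda e: e[0])  # logs are written in time order
    lines = [
        f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET / HTTP/1.1" 200 512'
        for ts, ip in events
    ]
    return "\n".join(lines) + "\n"


SAMPLE_LOG = build_sample_log()


def parse_access_log(text):
    """Yield (ip, timestamp, request_line) for each parseable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group("ip"), ts, m.group("req")


class SlidingWindowLimiter:
    """Keeps the timestamps of recent requests per client in a deque."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.windows = defaultdict(deque)

    def allow(self, client, ts):
        q = self.windows[client]
        cutoff = ts.timestamp() - self.window_seconds
        while q and q[0] <= cutoff:
            q.popleft()  # drop requests that fell out of the window
        if len(q) >= self.max_requests:
            return False
        q.append(ts.timestamp())
        return True


def apply_limits(log_text, max_requests=10, window_seconds=10):
    """Return {ip: {"allowed": n, "blocked": m}} after replaying the log."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    verdict = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for ip, ts, _req in parse_access_log(log_text):
        key = "allowed" if limiter.allow(ip, ts) else "blocked"
        verdict[ip][key] += 1
    return dict(verdict)


if __name__ == "__main__":
    for ip, counts in apply_limits(SAMPLE_LOG).items():
        print(ip, counts)
```

Keying on source IP alone is a known weak point: a distributed flood spreads its requests across many addresses so that each one stays under budget, which is why the limiter is paired with aggregate anomaly detection and upstream scrubbing rather than used on its own.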

Network Architecture

Redundancy

Multiple data centers and network paths

Scalability

Ability to handle sudden traffic increases

Segmentation

Isolate critical services from public-facing systems

Best Practices

Organizational Measures

  • Develop and test DDoS response plans
  • Maintain contact lists for ISPs and DDoS mitigation providers
  • Conduct regular security assessments
  • Monitor threat intelligence feeds
  • Implement proper network hardening

Incident Response

Detection

Monitor traffic patterns and set up alerts for unusual activity
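"Unusual activity" needs a definition of usual before an alert can fire. A common approach is to keep a rolling baseline of recent request volume and alert when the current interval exceeds it by a margin. The block below is an added example, not code from the original page; it runs that check over a constructed series of per-minute request counts, with an assumed 10-minute window, a 4-sigma margin and an absolute floor. Flagged minutes are deliberately kept out of the baseline so a sustained flood keeps alerting instead of becoming the new normal.

```python
"""Baseline-based traffic alerting for the detection step (added example).

Keeps a rolling baseline of recent per-minute request counts and raises an
alert when the current minute exceeds mean + k * stdev, with an absolute
floor so a perfectly flat baseline cannot produce hair-trigger alerts.
Window size, k and the floor are illustrative assumptions.
"""
from collections import deque
from statistics import pstdev

# Constructed per-minute request counts: 30 quiet minutes, then a flood.
QUIET_MINUTES = [100, 104, 98, 102, 99, 101, 97, 103, 100, 102] * 3
SAMPLE_SERIES = QUIET_MINUTES + [1500, 1800, 1700]


def detect_spikes(series, window=10, k=4.0, min_abs_delta=50):
    """Return one alert dict per minute whose count exceeds the baseline threshold."""
    baseline = deque(maxlen=window)  # only non-anomalous minutes enter the baseline
    alerts = []
    for minute, count in enumerate(series):
        if len(baseline) < window:
            baseline.append(count)  # warm-up: no alerting until the window is full
            continue
        mean = sum(baseline) / len(baseline)
        threshold = mean + max(k * pstdev(list(baseline)), min_abs_delta)
        if count > threshold:
            alerts.append({
                "minute": minute,
                "count": count,
                "baseline_mean": mean,
                "threshold": threshold,
            })
            # do not feed the spike back into the baseline
        else:
            baseline.append(count)
    return alerts


def format_alert(alert):
    """Render an alert as a one-line message suitable for a pager or chat hook."""
    return (f"minute {alert['minute']}: {alert['count']} req/min exceeds "
            f"threshold {alert['threshold']:.1f} (baseline {alert['baseline_mean']:.1f})")


if __name__ == "__main__":
    for alert in detect_spikes(SAMPLE_SERIES):
        print(format_alert(alert))
```

Request count is only one signal; the same detector can run over bytes per second, new-connection rate or error ratio, and an alert that fires on several of them at once is a much stronger indicator than any single series.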

Activation

Activate DDoS mitigation services and contact upstream providers

Communication

Notify stakeholders, update status pages, manage public relations

Recovery

Gradually restore services, monitor for follow-up attacks

Post-Incident

Analyze attack vectors, update defenses, document lessons learned