What is DDoS?

Also known as: Distributed Denial of Service

Definition

A DDoS (Distributed Denial of Service) attack overwhelms a target server, service, or network with massive traffic from many compromised computers, making it unavailable to legitimate users.

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple sources. Unlike a simple Denial of Service (DoS) attack, which comes from a single source, a DDoS attack leverages a network of compromised devices, called a botnet, to generate the attack volume. These devices can include home routers, IoT cameras, servers, and personal computers, often infected with malware without the owner's knowledge.

The attack works by directing all the bots in the botnet to send requests to the target simultaneously. This flood of data packets, connection requests, or malformed messages consumes the target's bandwidth, CPU cycles, or memory, preventing it from responding to legitimate requests. Common types include volumetric attacks (e.g., UDP floods, ICMP floods), which saturate bandwidth; protocol attacks (e.g., SYN floods), which exhaust server resources; and application layer attacks (e.g., HTTP floods), which target specific web application functions such as search or login.

DDoS attacks are a persistent threat on the internet, with mitigation typically handled by specialized cloud scrubbing services or on-premises hardware. Attack sizes are measured in gigabits per second (Gbps) or packets per second (pps). The largest recorded attacks exceed 1 Tbps. Defenses include rate limiting, traffic filtering, anycast routing, and behavioral analysis to distinguish attack traffic from legitimate users. DDoS attacks are illegal in most jurisdictions and are often launched for extortion, hacktivism, or competitive disruption.
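The rate-limiting defense mentioned above, as an added example that is not part of the original page: a per-source sliding-window limiter replayed over constructed access-log lines, showing how a steady one-request-per-second flooder is throttled while a human-paced client and a short burst at the limit pass through. The log format, IP addresses and thresholds are assumptions for illustration.

```python
"""Added example, not code from the original page: a per-source sliding-window
rate limiter of the kind used to filter application-layer (HTTP flood) traffic.
The access-log lines below are constructed sample data, not captured traffic."""
from collections import defaultdict, deque

# Constructed log format (assumed): "<epoch_seconds> <client_ip> <request_path>"
SAMPLE_LOG = (
    [f"{1000 + 8 * i} 203.0.113.5 /search?q=term{i}" for i in range(4)]  # human pace
    + [f"{1000 + i} 198.51.100.7 /login" for i in range(8)]              # one request/second
    + [f"{1000 + i} 192.0.2.9 /" for i in range(5)]                      # burst exactly at limit
)


def parse_line(line):
    """Split one constructed log line into (timestamp, client_ip, path)."""
    ts, ip, path = line.split(maxsplit=2)
    return int(ts), ip, path


def rate_limit(lines, window=10, limit=5):
    """Replay log events in time order through a per-source sliding window.

    A request is dropped once its source has sent more than `limit` requests
    (dropped ones included, so a flooder cannot reset its own counter) within
    the preceding `window` seconds.  Returns per-source served/dropped counts
    plus the time the source was first throttled, which is the signal a
    scrubbing or rate-limiting layer would act on.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    stats = defaultdict(lambda: {"served": 0, "dropped": 0, "first_drop": None})
    for ts, ip, _path in sorted(parse_line(l) for l in lines):
        q = recent[ip]
        while q and ts - q[0] >= window:   # expire timestamps older than the window
            q.popleft()
        q.append(ts)
        s = stats[ip]
        if len(q) > limit:
            s["dropped"] += 1
            if s["first_drop"] is None:
                s["first_drop"] = ts
        else:
            s["served"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, s in sorted(rate_limit(SAMPLE_LOG).items()):
        verdict = "throttled" if s["dropped"] else "clean"
        print(f"{ip:15} served={s['served']} dropped={s['dropped']} {verdict}")
```

A per-source threshold like this only catches sources that individually exceed the limit; a botnet whose members each stay just under it is why the behavioral analysis the paragraph mentions is layered on top.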

Key facts

  • Uses a botnet of thousands to millions of compromised devices to generate attack traffic.
  • Volumetric attacks aim to saturate the target's internet connection bandwidth.
  • Application layer DDoS attacks mimic legitimate user requests to evade simple filters.
  • Common mitigation methods include CDN-based scrubbing and BGP-based traffic blackholing.
  • SYN flood, UDP amplification, and HTTP flood are among the most frequent attack vectors.

How it works in practice

In 2016, the Mirai botnet, composed of insecure IoT devices, launched a massive DDoS attack against the DNS provider Dyn. Traffic reached 1.2 Tbps, causing widespread outages for major sites such as Twitter, Netflix, and Reddit because their domain names could no longer be resolved. The attack highlighted the vulnerability of shared internet infrastructure to large-scale DDoS.

Related terms

  • DoS
  • Botnet
  • SYN flood
  • Amplification attack
  • Rate limiting
  • Anycast
  • CNAME
