What is DDoS? Complete Guide to Distributed Denial of Service

Last updated: March 2025

Definition of DDoS

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. Unlike a simple DoS (Denial of Service) attack, which originates from a single source, a DDoS attack uses multiple compromised computer systems as sources of attack traffic.

How Does a DDoS Attack Work?

DDoS attacks work by exhausting a finite resource on the target, such as bandwidth, connection state, or processing capacity. Attackers typically use a network of infected computers (a botnet) to send a massive number of requests to a target. When the target's capacity is exceeded, legitimate users cannot access the service. The distributed nature makes these attacks difficult to mitigate because traffic comes from many different IP addresses, so blocking a single source has little effect.

Types of DDoS Attacks

Volumetric Attacks (Layer 4)

Volumetric attacks aim to consume the bandwidth between the target and the internet. They flood the network with massive amounts of traffic, saturating the connection. Common methods include UDP floods and ICMP (ping) floods. These attacks are measured in bits per second (bps) or packets per second (pps).

Protocol Attacks (Layer 4)

Protocol attacks exploit weaknesses in network protocols. SYN flood attacks, for example, exhaust connection tables by sending TCP SYN packets without completing the handshake. The server waits for responses that never come, eventually running out of resources for legitimate connections.
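A defender can spot this pattern by counting handshakes that never complete. The following is an added example, not code from the original page: the event tuple format, the thresholds, and the function names are assumptions, and the sample events are constructed. It aggregates per destination rather than per source because, as noted above, the traffic comes from many different IP addresses.

```python
from collections import defaultdict

# Constructed sample events (not real traffic): (time_s, src, dst, tcp_flags).
# The 198.51.100.x sources send a SYN and never answer the SYN-ACK;
# 192.0.2.10 completes the handshake with a final ACK.
EVENTS = [(0.0, "192.0.2.10:40000", "203.0.113.5:443", "SYN"),
          (0.1, "192.0.2.10:40000", "203.0.113.5:443", "ACK")]
EVENTS += [(0.2 + i * 0.01, f"198.51.100.{i}:5000", "203.0.113.5:443", "SYN")
           for i in range(1, 41)]

def half_open_report(events, now, timeout=3.0):
    """Per destination: (handshakes half-open for >= timeout, total SYNs seen)."""
    pending = {}                      # (src, dst) -> time of the first SYN
    syns = defaultdict(int)
    for ts, src, dst, flags in sorted(events):
        key = (src, dst)
        if flags == "SYN":
            if key not in pending:    # ignore SYN retransmissions
                pending[key] = ts
                syns[dst] += 1
        elif flags == "ACK":
            pending.pop(key, None)    # handshake completed, slot is released
    stale = defaultdict(int)
    for (src, dst), ts in pending.items():
        if now - ts >= timeout:
            stale[dst] += 1
    return {dst: (stale[dst], total) for dst, total in syns.items()}

def flag_syn_flood(events, now, timeout=3.0, min_half_open=20, min_ratio=0.8):
    """Destinations where most handshakes never completed (assumed thresholds)."""
    report = half_open_report(events, now, timeout)
    return sorted(dst for dst, (stale, total) in report.items()
                  if stale >= min_half_open and stale / total >= min_ratio)

if __name__ == "__main__":
    print(half_open_report(EVENTS, now=10.0))
    print(flag_syn_flood(EVENTS, now=10.0))
```

In production the same counters are usually read from the host or load balancer (for example the number of sockets in the SYN-RECV state) rather than rebuilt from packet events, and the thresholds need tuning against normal traffic.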

Application Layer Attacks (Layer 7)

Application layer attacks target the top layer of the OSI model where web pages are generated. HTTP flood attacks send seemingly legitimate requests that consume server resources. Slowloris keeps connections open by sending partial HTTP requests, exhausting the server's connection pool.

Why Are DDoS Attacks Carried Out?

Motivations vary: competitive advantage (taking competitor sites offline), extortion (demanding ransom to stop attacks), hacktivism (political or ideological reasons), or simply testing one's own defenses. Understanding these motivations helps organizations prepare appropriate defenses.

Real-World Impact

DDoS attacks can cause significant financial losses, damage reputation, and disrupt critical services. According to various studies, the average cost of a DDoS attack can reach tens of thousands of dollars per hour in lost revenue and mitigation costs.

Testing Your Defenses

Organizations should regularly test their infrastructure's resilience to DDoS attacks. Authorized stress testing helps identify weaknesses before malicious actors exploit them. Always ensure you have proper authorization before testing any system.
