A DDoS (Distributed Denial of Service) attack attempts to make a website or online service unavailable by overwhelming it with massive amounts of traffic from thousands or millions of compromised computers (a botnet). Because the traffic comes from many sources rather than one, as in a simple DoS attack, a DDoS is extremely challenging to block.
How a DDoS Attack Works
- An attacker builds or rents a botnet — a network of malware-infected devices.
- On command, all bots simultaneously send requests to the target server.
- The target's bandwidth, CPU or connection table is exhausted.
- Legitimate users cannot reach the site — service is denied.
Types of DDoS Attacks
- Volumetric attacks — Flood bandwidth with UDP/ICMP floods or amplification attacks. Measured in Gbps.
- Protocol attacks — Exploit weaknesses in network protocols (SYN flood, Ping of Death). Measured in packets per second.
- Application-layer (L7) attacks — Target web applications with seemingly legitimate HTTP requests (HTTP flood, Slowloris). Harder to detect.
DDoS Protection
- CDN/DDoS scrubbing services — Cloudflare, AWS Shield, Akamai absorb and filter attack traffic before it reaches the origin server.
- Rate limiting — Limit the number of requests per IP per second.
- Anycast routing — Distributes traffic across multiple data centres, diluting attack volume.
- Web Application Firewall (WAF) — Blocks application-layer attacks.
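
The rate-limiting item above, as an added example (not code from the original page): a per-IP token bucket replayed over constructed traffic, with a bounded state table so the limiter cannot itself be exhausted. The class and function names, the 5 requests/second rate, the burst of 10 and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    millitokens: int  # 1000 millitokens = one request
    last_ms: int      # time of the last refill


class PerIPRateLimiter:
    """Token bucket per client IP: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate: int, burst: int, max_clients: int = 100_000):
        self.rate, self.cap, self.max_clients = rate, burst * 1000, max_clients
        self.buckets: dict[str, Bucket] = {}

    def allow(self, ip: str, now_ms: int) -> bool:
        b = self.buckets.get(ip)
        if b is None:
            if len(self.buckets) >= self.max_clients:
                self._evict(now_ms)
            b = self.buckets[ip] = Bucket(self.cap, now_ms)
        # Refill for the elapsed time (ms * req/s = millitokens), capped at the burst.
        b.millitokens = min(self.cap, b.millitokens + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.millitokens < 1000:
            return False
        b.millitokens -= 1000
        return True

    def _evict(self, now_ms: int) -> None:
        # A bucket idle for cap/rate ms has refilled completely, so forgetting it is lossless.
        idle_ms = self.cap // self.rate
        for ip in [ip for ip, b in self.buckets.items() if now_ms - b.last_ms >= idle_ms]:
            del self.buckets[ip]
        # Still full: drop the least recently seen client so the table stays bounded.
        if len(self.buckets) >= self.max_clients:
            del self.buckets[min(self.buckets, key=lambda ip: self.buckets[ip].last_ms)]


def replay(requests, rate=5, burst=10):
    """Feed (time_ms, ip) pairs through a limiter; return {ip: (allowed, denied)}."""
    limiter, counts = PerIPRateLimiter(rate, burst), {}
    for now_ms, ip in sorted(requests):
        slot = 0 if limiter.allow(ip, now_ms) else 1
        counts.setdefault(ip, [0, 0])[slot] += 1
    return {ip: tuple(c) for ip, c in counts.items()}


# Constructed sample: one client at 2 req/s and one at 100 req/s, for two seconds.
SAMPLE = [(i * 500, "198.51.100.7") for i in range(4)] + [(i * 10, "203.0.113.9") for i in range(200)]
```

A per-IP limit only bounds each source separately, so traffic spread thinly across many sources stays under it; that is why the list pairs rate limiting with scrubbing, anycast and a WAF.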