What is a DDoS attack?

Back to learning

DDoS stands for Distributed Denial of Service. It's a type of cyber attack designed to make online services, networks, or resources unavailable by overwhelming them with excessive internet traffic.

A DDoS attack inundates a targeted server, network, or service with a flood of internet traffic. Unlike a simple DoS (Denial of Service) attack, which comes from a single source, a DDoS attack involves multiple compromised computers that serve as attack platforms.

Primary categories of DDoS attacks

1. Volumetric Attacks: These attacks overwhelm a network by consuming its bandwidth with large volumes of data.
2. Protocol Attacks: These target network infrastructure, exploiting weaknesses in network protocols.
3. Application-layer Attacks: These focus on specific aspects of an application, such as a web page or database, usually operating at Layer 7 of the OSI model.

Detection and mitigation

Traditional security measures like firewalls and intrusion detection systems often fall short because they aren't designed to handle the high volumes of traffic characteristic of DDoS attacks.

A multi-layered, defence-in-depth approach works best.

Specialised DDoS mitigation techniques include rate limiting, caching, load balancing, traffic analysis, and challenge-response tests.

Organizations commonly use both local and cloud-based solutions for comprehensive protection.