If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...


DDoS Attack Explained

Started by Nibintono, Nov 18, 2023, 12:25 AM


Nibintono (Topic starter)

In basic terms, what is a ddos attack?



Obivexpem

In basic terms, a DDoS (Distributed Denial of Service) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. This flood of traffic is often generated from multiple sources, making it difficult to mitigate the attack. The goal of a DDoS attack is to make the targeted resource unavailable to its intended users, disrupting normal operations and potentially causing financial harm or reputational damage to the target.

A DDoS attack typically involves a large number of compromised computers, often referred to as "zombies" or "bots," that are coordinated by an attacker to send an overwhelming amount of requests to the target. These requests could be in the form of traffic, data packets, or connection attempts, with the aim of consuming the target's resources such as bandwidth, processing power, or network capacity.

There are different types of DDoS attacks, including volumetric attacks that flood the target with high volumes of traffic, protocol attacks that exploit vulnerabilities in network protocols, and application layer attacks that target specific aspects of an application or service to exhaust its resources.

Businesses and organizations mitigate DDoS attacks through various means, such as deploying dedicated DDoS protection solutions, working with internet service providers, and implementing network security measures to detect and filter out malicious traffic.

DDoS attacks can result in serious consequences for the targeted entity, including downtime, decreased performance, loss of revenue, and damage to reputation. These attacks can be launched for various reasons, including extortion, competitive advantage, hacktivism, or as a smokescreen for other malicious activities.

In response to DDoS attacks, organizations often employ techniques such as traffic filtering, rate limiting, and diverting traffic through scrubbing centers to identify and block malicious traffic while allowing legitimate traffic to reach its intended destination. Additionally, implementing redundancy and load balancing measures can help mitigate the impact of DDoS attacks by distributing traffic across multiple servers or data centers.


There are several types of DDoS attacks, each with its own method of disrupting the targeted system or network. Some common types include:

1. Volumetric Attacks: These inundate the target with a high volume of traffic, overwhelming its bandwidth and causing it to become unreachable. An example is a UDP flood, which sends a large number of User Datagram Protocol (UDP) packets to the target.

2. Protocol Attacks: These exploit weaknesses in network protocols or services to consume server resources. For instance, SYN flood attacks overwhelm the target by sending a large number of SYN requests without completing the handshakes.

3. Application Layer Attacks: Also known as Layer 7 attacks, these target specific aspects of an application or service to exhaust its resources. Examples include HTTP flood attacks, which flood a web server with HTTP GET or POST requests, and DNS amplification attacks, which exploit vulnerable DNS servers to amplify traffic towards the target.

4. Slowloris Attacks: These involve keeping many connections to the target web server open for as long as possible, consuming resources and eventually leading to denial of service.

5. IoT-Based Attacks: With the rise of Internet of Things (IoT) devices, attackers can harness large networks of compromised IoT devices to launch DDoS attacks, known as botnet-based attacks.


Another type of DDoS attack is the Smurf Attack, which involves sending large numbers of Internet Control Message Protocol (ICMP) packets with a spoofed source IP address to an IP broadcast address. The result is a flood of responses to the victim's IP address, overwhelming it.

Another form of DDoS is the NTP amplification attack, which exploits Network Time Protocol (NTP) servers to overwhelm the target with response traffic that is many times larger than the initial request.

Additionally, DDoS attacks can be categorized based on the source of the attack traffic, such as:

1. Direct DDoS Attacks: In these attacks, the attacker directly sends a massive volume of malicious traffic to the target from their own resources or networks.

2. Reflected DDoS Attacks: Attackers spoof the source IP address of their requests to appear as if they are coming from the victim's network. The requests are then reflected off third-party servers, such as open DNS resolvers or NTP servers, causing the reflected traffic to flood the victim.


Another type of DDoS attack is the DNS flood, which floods the server with an overwhelming amount of DNS resolution requests, causing it to become unresponsive. Attackers may also execute a DNS amplification attack, where they send small requests with spoofed source IP addresses to open DNS resolvers, which in turn send large responses to the victim's IP address.

A specific form of application layer attack is the HTTP/S flood, in which attackers bombard a web server with a high volume of legitimate-seeming HTTP or HTTPS requests, aiming to exhaust the server's resources and make it unresponsive to legitimate users.

Finally, attackers may combine different types of DDoS attacks in a coordinated manner, known as a multi-vector attack. This approach can overwhelm the target from multiple angles, making it more difficult to mitigate the impact of the attack.
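Obivexpem's answer mentions two of the standard defensive building blocks, detecting the sources of a flood and rate limiting them. The following Python script is an added illustration for this thread, not code posted by anyone here: it parses a handful of constructed access-log lines (IP addresses from the documentation ranges, a request burst from one source), finds sources whose request count inside a sliding window exceeds a threshold, and then replays the same lines through a per-source token bucket to show how many requests a rate limiter would have passed or dropped. The log format, the window size and the bucket parameters are assumptions chosen for the demo, not recommended production settings.

```python
"""Flood-source detection and per-source rate limiting over constructed log lines.

Added example for the DDoS thread; not code from any poster. The log lines are
hand-constructed in a common access-log shape, and every threshold here is an
assumption for illustration only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\s\]]+) [^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def _line(ip, ts, path):
    """Build one constructed access-log line (assumed format, not from the page)."""
    return f'{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: two ordinary clients plus one source sending a burst.
SAMPLE_LOG = [
    _line("198.51.100.4", "18/Nov/2023:12:00:00", "/"),
    _line("192.0.2.10", "18/Nov/2023:12:00:01", "/login"),
    _line("198.51.100.4", "18/Nov/2023:12:00:03", "/about"),
    _line("192.0.2.10", "18/Nov/2023:12:00:05", "/dashboard"),
    _line("198.51.100.4", "18/Nov/2023:12:00:08", "/contact"),
]
# Burst: 10 requests per second for 5 seconds (12:00:02 to 12:00:06) from one source.
SAMPLE_LOG += [
    _line("203.0.113.7", f"18/Nov/2023:12:00:0{sec}", "/search?q=x")
    for sec in range(2, 7)
    for _ in range(10)
]


def parse_line(line):
    """Return {ip, ts, req, status} for a matching line, or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def _events(lines):
    """Parse and sort by timestamp (stable sort keeps same-second order)."""
    return sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])


def find_flood_sources(lines, window_seconds=10, threshold=20):
    """Sliding-window count per source IP; return sources whose peak >= threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for e in _events(lines):
        q = recent[e["ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        peak[e["ip"]] = max(peak[e["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


class TokenBucket:
    """Per-source token bucket: refill `rate` tokens/s, hold at most `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}  # ip -> (tokens, last_seen)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last).total_seconds() * self.rate)
        if tokens >= 1:
            self.state[ip] = (tokens - 1, now)
            return True
        self.state[ip] = (tokens, now)
        return False


def apply_rate_limit(lines, rate=5, burst=10):
    """Replay the log through a token bucket; return {ip: (allowed, dropped)}."""
    bucket = TokenBucket(rate, burst)
    tally = defaultdict(lambda: [0, 0])
    for e in _events(lines):
        tally[e["ip"]][0 if bucket.allow(e["ip"], e["ts"]) else 1] += 1
    return {ip: (allowed, dropped) for ip, (allowed, dropped) in tally.items()}


if __name__ == "__main__":
    print("flood sources:", find_flood_sources(SAMPLE_LOG))
    print("rate limit result:", apply_rate_limit(SAMPLE_LOG))
```

On the constructed sample the sliding window singles out 203.0.113.7 (50 requests inside ten seconds) while the two ordinary clients stay well under the threshold, and the token bucket lets the burst source through at its full burst of 10 and then only 5 per second, dropping the rest without touching the other clients. The design point worth noticing is that both checks key on the source address, which is exactly what a reflected or spoofed-source flood undermines; against those, filtering at the ISP or scrubbing-centre level, as the answer above describes, has to take over.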

Aitugan

In a simplified manner, a DDoS attack can be envisioned as follows: a large volume of fake requests originating from numerous computers across the globe bombard a chosen server as the target. Consequently, the server expends all its resources in catering to these requests, rendering it almost inaccessible to regular users. The irony lies in the fact that the owners of the computers unwittingly contributing to the attack may remain unaware of their devices being manipulated by hackers. The software implanted by attackers in these computers is commonly known as "zombies". Multiple methods exist to turn computers into "zombies" - ranging from breaching unprotected networks to using Trojan programs. This preparatory phase is arguably the most time-consuming for an attacker.

Just picture a scenario where there's a long line at the ticket counter in a bustling subway station. You join the end of the line and patiently wait. It appears that everyone is there to purchase tokens, yet in reality, they have assembled to disrupt the cashier. What's more, this continues over time, making it impossible for conscientious citizens, like yourself, to buy tokens (the cashier "breaks", and so on). This is DDoS in real life.

W.Ochrona

In simple terms, when a DDoS attack happens, the targeted server receives more requests than it can handle. It's akin to attempting to pour 10 liters of water through a funnel with a 0.5 cm diameter in just thirty seconds. Many computers, previously infected with a virus, are employed in these attacks. The virus is responsible for flooding the target with numerous requests, and if the attack is potent enough, it can overwhelm the server and cause it to "crash."

There are various methods used to defend against DDoS attacks. We advocate for a comprehensive approach to protection, which includes utilizing firewalls, hardware, regular software updates, and more.

DDoS attacks present a significant challenge for online security, and it's crucial to stay vigilant and proactive in protecting against them to ensure the stability and security of digital infrastructure.

