DDoS Attack

Distributed Denial of Service

Also known as: distributed denial of service, DDoS, denial of service attack

An attack that overwhelms a target server, service, or network with a flood of internet traffic from multiple sources, making it unavailable to legitimate users.

In-Depth Explanation

A Distributed Denial of Service (DDoS) attack attempts to make an online service unavailable by overwhelming it with traffic from multiple compromised systems (often a botnet). Unlike a simple DoS attack from a single source, DDoS attacks are distributed across many sources, making them harder to mitigate.

Types of DDoS attacks:

  • Volumetric attacks: Flood bandwidth with massive traffic (UDP floods, DNS amplification)
  • Protocol attacks: Exploit network protocol weaknesses (SYN floods, Ping of Death)
  • Application layer attacks: Target web application vulnerabilities (HTTP floods, Slowloris)

DDoS attack characteristics:

  • Traffic comes from many different IP addresses simultaneously
  • Can range from gigabits to terabits per second
  • Duration varies from minutes to days
  • Often used as a distraction for other attacks
  • Increasingly available as DDoS-for-hire services

DDoS mitigation strategies:

  • Cloud-based DDoS protection: Services like Cloudflare, AWS Shield, or Akamai absorb attack traffic
  • Rate limiting: Restrict the number of requests from individual sources
  • Traffic analysis: Distinguish legitimate traffic from attack traffic
  • Anycast network diffusion: Distribute traffic across a global network
  • Web Application Firewall (WAF): Filter malicious application-layer requests
  • Overprovision bandwidth: Maintain capacity headroom for traffic spikes
  • Incident response plan: Documented procedures for DDoS response
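
As an added example (not part of the original glossary entry), the Python sketch below applies the rate limiting and traffic analysis items to constructed traffic. It shows that a per-source limit catches a single noisy source, while a distributed flood stays under that limit and is only visible in the count of distinct sources per window. The thresholds, function names and addresses are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10      # assumed analysis window
PER_SOURCE_LIMIT = 20    # assumed: max requests one source may send per window
BASELINE_SOURCES = 50    # assumed: normal number of distinct sources per window
SPIKE_FACTOR = 5         # assumed: flag windows with 5x the baseline source count

def analyse(events):
    """events: iterable of (epoch_seconds, source_ip). Returns findings per window."""
    windows = defaultdict(Counter)
    for ts, ip in events:
        windows[ts - ts % WINDOW_SECONDS][ip] += 1
    findings = {}
    for start, counts in sorted(windows.items()):
        findings[start] = {
            "requests": sum(counts.values()),
            "sources": len(counts),
            # Rate limiting: sources that exceed the per-source budget.
            "throttled": sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT),
            # Traffic analysis: far more distinct sources than normal.
            "distributed_flood": len(counts) >= SPIKE_FACTOR * BASELINE_SOURCES,
        }
    return findings

def sample_events():
    """Constructed traffic: a normal window, a single-source flood, a distributed flood."""
    events = []
    for i in range(40):                       # window 0: 40 clients, 3 requests each
        events += [(t, f"198.51.100.{i}") for t in (1, 4, 8)]
    events += [(10 + k % 10, "203.0.113.7") for k in range(200)]  # window 10: one noisy IP
    events += [(12, f"198.51.100.{i}") for i in range(40)]
    for i in range(1000):                     # window 20: 1000 sources, 5 requests each
        ip = f"10.0.{i // 250}.{i % 250}"
        events += [(20 + k, ip) for k in range(5)]
    return events

if __name__ == "__main__":
    for start, f in analyse(sample_events()).items():
        print(start, f["requests"], f["sources"], f["throttled"], f["distributed_flood"])
```

In the constructed third window every source sends only 5 requests, so nothing is throttled even though total volume is more than twenty times that of the single-source flood; the distinct-source count is the signal that separates the two.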

Impact on businesses:

  • Website and application downtime
  • Revenue loss from unavailable services
  • Customer frustration and brand damage
  • Potential data breach if DDoS is a diversion tactic

Business Context

DDoS attacks can take a business offline for hours or days, resulting in lost revenue, damaged reputation, and frustrated customers. The barrier to launching attacks is low, with DDoS-for-hire services available for as little as $10.

How Clever Ops Uses This

Clever Ops protects Australian businesses from DDoS attacks by implementing cloud-based DDoS protection services, configuring rate limiting and traffic filtering, and building incident response procedures for rapid mitigation when attacks occur.

Example Use Case

"An Australian e-commerce site is taken offline by a volumetric DDoS attack during peak sales season. After implementing Cloudflare DDoS protection, subsequent attack attempts are absorbed without affecting site availability."

Category

cybersecurity
