What is a DDoS attack?
DDoS stands for Distributed Denial of Service. It's a type of cyberattack where multiple systems flood a server, website, or network with traffic, aiming to overwhelm it and make it unavailable to real users.
Think of it like thousands of fake customers entering a coffee shop at once: real customers can't get in or place orders.
Key terms
- Denial of Service (DoS): A single machine overwhelms a service.
- Distributed DoS (DDoS): Thousands (or millions) of machines do it simultaneously.
- Botnet: A network of compromised computers or devices used to launch the attack.
How a DDoS attack works
- Attacker builds or rents a botnet.
- Botnet is instructed to send traffic (requests, pings, packets) to the target server.
- Target server slows down or crashes, unable to handle the volume.
- Users experience outages, timeouts, or complete downtime.
Common types of DDoS attacks
| Type | Description | Example |
| --- | --- | --- |
| Volumetric | Flood the network with massive data | UDP floods, DNS amplification |
| Protocol | Exploit weaknesses in protocols | SYN floods, Ping of Death |
| Application Layer (Layer 7) | Target specific app logic | HTTP request floods (e.g., /login) |
Real-world example
In 2016, the Dyn DNS provider was hit by a massive DDoS attack using the Mirai botnet (which infected IoT devices like cameras). This took down Twitter, Netflix, Reddit, GitHub, and more for hours.
How to defend against DDoS
- Rate limiting: Restrict how often a user can hit your API or endpoints.
- Web Application Firewalls (WAF): Tools like Cloudflare or AWS WAF detect and filter bad traffic.
- CDNs (Content Delivery Networks): Distribute load geographically and absorb surges in traffic.
- Auto-scaling and load balancers: Help spread load across servers when under pressure.
- Anomaly detection: Monitor traffic for patterns like spikes or known bad IPs.
- Geo-blocking or IP filtering: Block or throttle traffic from suspicious countries or IPs.
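A sketch of the rate-limiting defense, added here as an illustration and not part of the original article: a sliding-window limiter applied per client IP and per endpoint, replayed over constructed traffic. The class and function names, the limits, and the documentation-range IP addresses are all assumptions.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # expire old timestamps
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(requests, ip_limit=5, path_limit=50, window=10):
    """Replay (timestamp, ip, path) tuples; limits are illustrative values."""
    per_ip = SlidingWindowLimiter(ip_limit, window)
    per_path = SlidingWindowLimiter(path_limit, window)
    result = {"served": 0, "ip_limited": 0, "path_shed": 0}
    for ts, ip, path in requests:
        if not per_ip.allow(ip, ts):
            result["ip_limited"] += 1   # one client exceeding its own budget
        elif not per_path.allow(path, ts):
            result["path_shed"] += 1    # endpoint as a whole is saturated
        else:
            result["served"] += 1
    return result


def single_source_flood():
    # Constructed sample: one client sends 100 /login requests in 10 seconds.
    return [(i * 0.1, "198.51.100.7", "/login") for i in range(100)]


def distributed_flood():
    # Constructed sample: 200 clients send 2 /login requests each in 10 seconds.
    return [(i * 0.025, f"203.0.113.{i % 200}", "/login") for i in range(400)]


if __name__ == "__main__":
    print("single source:", replay(single_source_flood()))
    print("distributed:  ", replay(distributed_flood()))
```

The per-IP limit stops the single-source flood, but in the distributed case every client stays under it and only the per-endpoint cap reacts, shedding legitimate requests along with malicious ones. That is why rate limiting is listed alongside upstream filtering rather than as a defense on its own.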
DDoS vs. high traffic
Not all slowdowns are attacks.
| Scenario | Real Users | Malicious |
| --- | --- | --- |
| Product launch | ✅ | ❌ |
| Hacker with botnet | ❌ | ✅ |
| Search engine crawling |  | ❌ |
| UDP flood attack | ❌ | ✅ |
How attackers get botnets
- Malware-infected PCs
- Vulnerable IoT devices (cameras, routers)
- Rented from DDoS-for-hire services on the dark web
Conclusion
A DDoS attack is one of the most common and disruptive types of cyberattacks today. While it doesn't always steal data, it cripples availability, which for online services means lost revenue, trust, and time.
Protecting your system means preparing for scale, monitoring for anomalies, and using modern infrastructure tools that can absorb and deflect malicious traffic.