A distributed denial-of-service (DDoS) attack is a cyberattack in which a server, system, or network is overloaded with traffic and rendered nonfunctional. A DDoS attack differs from a regular denial-of-service (DoS) attack in that the traffic is launched from many IP addresses or machines rather than just one.
DDoS attacks flood networks with malicious traffic to disrupt services and can also be used to distract security teams from concurrent intrusions happening elsewhere in the network.
How DDoS Attacks Work
In a DDoS attack, attackers use a botnet—a network of compromised devices—to send massive volumes of traffic to a target server or network. The volume of traffic overwhelms the target's capacity to respond to legitimate requests, making the service unavailable to its intended users.
Types of DDoS Attacks
Volumetric Attacks: Flood the target with massive amounts of traffic to consume available bandwidth.
Protocol Attacks: Exploit weaknesses in network protocols to consume server resources.
Application Layer Attacks: Target specific applications or services with requests designed to exhaust server resources.
Multi-vector campaigns can combine volumetric, protocol, and application attacks simultaneously, making them particularly difficult to mitigate.
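The three attack classes above perturb different traffic metrics, and that is what a detector keys on. The following Python is an added illustration, not code from the original article: it aggregates one second of constructed flow records into link load, half-open handshake ratio, expensive-request rate and distinct source count, then reports which attack signals are present and whether the traffic is distributed (the DDoS-versus-DoS distinction). The `Flow` record layout, the thresholds and the sample address ranges are all assumptions chosen for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One packet or request record, as a flow exporter or web server log would emit it.
    The layout is an assumption for this example; values are constructed."""
    src: str            # source IP address
    proto: str          # "tcp" or "udp"
    flags: str          # TCP flags: "S" = SYN, "A" = handshake-completing ACK, "PA" = data; "" for UDP
    nbytes: int         # bytes on the wire
    http_path: str = ""  # request path when the record is a completed HTTP request


# Thresholds are assumptions tuned to the constructed sample, not measured baselines.
LINK_BPS = 100_000_000       # 100 Mbit/s link capacity
VOLUMETRIC_FRACTION = 0.8    # volumetric signal when offered load exceeds 80% of the link
MIN_SYNS = 100               # ignore half-open ratios computed from too few SYNs
HALF_OPEN_RATIO = 0.8        # protocol signal when most SYNs never complete the handshake
EXPENSIVE_PATHS = {"/search", "/report"}  # handlers that are costly for the backend to serve
APP_RPS = 50                 # expensive requests per second the backend can absorb
DISTRIBUTED_SOURCES = 50     # distinct sources before the traffic counts as distributed


def summarize(flows, window_s=1.0):
    """Aggregate one window of records into the metrics each attack class perturbs."""
    total_bits = 8 * sum(f.nbytes for f in flows)
    syns = sum(1 for f in flows if f.proto == "tcp" and f.flags == "S")
    completed = sum(1 for f in flows if f.proto == "tcp" and f.flags == "A")
    expensive = sum(1 for f in flows if f.http_path in EXPENSIVE_PATHS)
    return {
        "bps": total_bits / window_s,
        "syns": syns,
        "half_open_ratio": (syns - completed) / syns if syns else 0.0,
        "expensive_rps": expensive / window_s,
        "sources": len({f.src for f in flows}),
    }


def classify(flows, window_s=1.0):
    """Return (list of attack signals, distributed?) for one window of records."""
    m = summarize(flows, window_s)
    signals = []
    if m["bps"] > VOLUMETRIC_FRACTION * LINK_BPS:
        signals.append("volumetric")      # bandwidth exhaustion
    if m["syns"] >= MIN_SYNS and m["half_open_ratio"] > HALF_OPEN_RATIO:
        signals.append("protocol")        # SYN flood: connection table filling with half-open entries
    if m["expensive_rps"] > APP_RPS:
        signals.append("application")     # layer-7 requests aimed at costly handlers
    return signals, m["sources"] >= DISTRIBUTED_SOURCES


# --- constructed samples (documentation address ranges, one second of traffic each) ---

def legit_session(src, path="/index"):
    """Constructed: a client completes the handshake and fetches one page."""
    return [Flow(src, "tcp", "S", 60), Flow(src, "tcp", "A", 52), Flow(src, "tcp", "PA", 400, path)]


def baseline_sample():
    """Constructed: 20 ordinary clients."""
    return [f for i in range(20) for f in legit_session(f"198.51.100.{i + 1}")]


def syn_flood_sample():
    """Constructed: baseline plus 200 sources that each send one SYN and never finish."""
    return baseline_sample() + [Flow(f"203.0.113.{i + 1}", "tcp", "S", 60) for i in range(200)]


def volumetric_sample():
    """Constructed: baseline plus 100 sources each sending 80 large UDP datagrams."""
    return baseline_sample() + [
        Flow(f"203.0.113.{i + 1}", "udp", "", 1400) for i in range(100) for _ in range(80)
    ]


def l7_sample():
    """Constructed: baseline plus 5 hosts each issuing 20 requests to the expensive search handler."""
    flows = baseline_sample()
    for i in range(5):
        src = f"192.0.2.{i + 1}"
        flows += legit_session(src)
        flows += [Flow(src, "tcp", "PA", 300, "/search") for _ in range(20)]
    return flows


if __name__ == "__main__":
    for name, sample in [("baseline", baseline_sample()), ("syn flood", syn_flood_sample()),
                         ("udp flood", volumetric_sample()), ("layer 7", l7_sample())]:
        print(f"{name:10s} -> signals={classify(sample)[0]} distributed={classify(sample)[1]}")
```

Note that the layer-7 sample trips the application signal while coming from only five hosts: a request rate that a per-source view would consider modest can still exhaust a backend when every request hits an expensive handler, which is why application-layer detection has to weigh requests by cost rather than count packets or bytes.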
Prevention and Mitigation
Organizations can defend against DDoS attacks by using DDoS protection services, implementing rate limiting and traffic filtering, deploying content delivery networks (CDNs) to distribute traffic, and maintaining an incident response plan for DDoS events. IoT botnets generate massive traffic volumes, so securing internet-connected devices is also an important part of DDoS prevention.
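Rate limiting is the mitigation most teams implement themselves, and it is worth seeing why a per-source limit on its own is not enough against a distributed flood. The Python below is an added example, not code from the original article or any particular product: it pairs a per-source sliding-window limiter with an aggregate token bucket that sheds load once the service's capacity is spent, and replays two constructed request streams through the gate. The class names, limits and the sample address range are assumptions made for the example.

```python
from collections import Counter, defaultdict, deque


class SlidingWindowLimiter:
    """Per-source limit: at most `limit` accepted requests in any `window_s` seconds."""

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window_s = window_s
        self.accepted = defaultdict(deque)  # src -> timestamps of accepted requests

    def allow(self, src, now):
        q = self.accepted[src]
        cutoff = now - self.window_s
        while q and q[0] <= cutoff:         # forget requests that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class TokenBucket:
    """Aggregate capacity guard: `rate` requests per second with a burst allowance of `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def take(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gate:
    """Admission decision combining the per-source and aggregate limits (hypothetical design)."""

    def __init__(self, per_source, window_s, rate, burst):
        self.per_source = SlidingWindowLimiter(per_source, window_s)
        self.capacity = TokenBucket(rate, burst)

    def decide(self, src, now):
        if not self.per_source.allow(src, now):
            return "reject-per-source"
        if not self.capacity.take(now):
            return "reject-capacity"        # shed load rather than let the backend fall over
        return "accept"


def replay(gate, requests):
    """Run (timestamp, source) pairs through the gate in time order; return decision counts."""
    return Counter(gate.decide(src, ts) for ts, src in sorted(requests))


def per_source_only(requests, limit=20, window_s=1.0):
    """How many requests a per-source limiter alone would admit."""
    lim = SlidingWindowLimiter(limit, window_s)
    return sum(1 for ts, src in sorted(requests) if lim.allow(src, ts))


# --- constructed request streams (documentation address range) ---

def single_source_burst():
    """Constructed: one host sends 30 requests within a second (single-origin DoS pattern)."""
    return [(1.0 + 0.01 * i, "203.0.113.7") for i in range(30)]


def distributed_burst():
    """Constructed: 100 distinct hosts hit the service together at t=1.0 and again at t=2.0."""
    return [(t, f"203.0.113.{i + 1}") for t in (1.0, 2.0) for i in range(100)]


if __name__ == "__main__":
    print("single source, per-source limit only:", per_source_only(single_source_burst()))
    print("single source, full gate:", dict(replay(Gate(20, 1.0, 1000, 1000), single_source_burst())))
    print("distributed, per-source limit only:", per_source_only(distributed_burst()))
    print("distributed, full gate:", dict(replay(Gate(20, 1.0, 50, 50), distributed_burst())))
```

With a per-source limit of 20, the single noisy host is cut to 20 accepted requests, but the distributed burst sails through the per-source limiter untouched because every source stays under its individual quota. Only the aggregate bucket keeps the distributed case within the 50 requests per second the service can serve, and it does so by refusing requests rather than by distinguishing good clients from bad ones, which is why upstream filtering, CDNs and scrubbing services remain necessary in front of it.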