100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

DDoS Attack

BeginnerConcept1.2K learners

A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a server, service, or network with a flood of traffic from many compromised sources at once, making it slow or unavailable to legitimate users.

Definition

A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a server, service, or network with a flood of traffic from many compromised sources at once, making it slow or unavailable to legitimate users.

Overview

Unlike a simple denial-of-service attack launched from a single machine, a DDoS attack is distributed across thousands or millions of hijacked devices — often a botnet of compromised computers, routers, or IoT devices — making it far harder to block by simply denying one IP address. Attackers coordinate these devices to send an overwhelming volume of requests, packets, or connection attempts at a target simultaneously. DDoS attacks generally fall into three categories: volumetric attacks that saturate available bandwidth (e.g., UDP floods, DNS amplification), protocol attacks that exhaust server or network equipment resources (e.g., SYN floods), and application-layer attacks that mimic legitimate traffic to exhaust web server resources (e.g., HTTP floods targeting a login page). Defending against DDoS typically involves traffic scrubbing services, rate limiting, a content delivery network or Web Application Firewall (WAF) to absorb and filter malicious traffic, and network-level redundancy. DDoS protection is a foundational topic in courses like Cloud Security Fundamentals, since cloud providers offer managed mitigation services that scale to absorb multi-gigabit attacks automatically.

Key Concepts

  • Uses many distributed, often compromised, source machines instead of a single attacker
  • Volumetric, protocol, and application-layer attack categories target different weak points
  • Amplification techniques (DNS, NTP) let attackers multiply traffic volume cheaply
  • Botnets of hijacked IoT devices are a common attack infrastructure
  • Mitigated with traffic scrubbing, rate limiting, and CDN/WAF absorption
  • Attacks can target bandwidth, server resources, or application logic
  • Modern attacks increasingly combine multiple vectors simultaneously

Use Cases

Extortion — attackers demand payment to stop an ongoing attack
Competitive sabotage — taking a rival's service offline during peak demand
Hacktivism — disrupting an organization's online presence to make a political statement
Smokescreen — distracting security teams while a separate breach is attempted
Testing resilience — security teams run authorized DDoS simulations to validate defenses
Gaming and streaming disruption — attackers target competitors during live events

Frequently Asked Questions

From the Blog