What Is a DDoS Attack?
DDoS stands for Distributed Denial of Service, and it is the name given to an attack that overwhelms a service with requests, forcing it offline.
When you hear about a website or video game being taken down by hackers, a lot of the time, that means they’re suffering a DDoS attack. Attackers target a specific website, service, or video game and flood the servers running it with data requests. The number of requests can rapidly overwhelm the server infrastructure hosting the service, forcing it offline.
A DDoS attack is sometimes referred to as DDoSing.
How Does a DDoS Attack Work?
In a DDoS attack, the data doesn’t have to be multiple large files requested for download. In fact, it is often the opposite, where thousands of machines all make small data requests simultaneously. Although each individual request is small, the sheer number of requests coming from thousands of devices amplifies the effect.
So, who controls thousands of computers that they can use to send requests to a single server?
For the most part, DDoS attacks come from large botnets, groups of compromised computers under an attacker’s control. The attacker can point their botnet’s power at a target, flooding the website or video game servers with requests, knocking them offline.
Directing a huge volume of traffic at the victim stops any regular traffic accessing the website or video game, causing a denial of service. That the traffic comes from numerous sources means the attack is distributed, hence Distributed Denial of Service attack.
At any one time, there can be multiple DDoS attacks taking place around the world. You’re more likely to hear about them when they knock a major service offline, but you can use the Digital Attack Map for an approximation of what’s going on.
Application Layer Attack
An application-layer DDoS attack targets website requests, making a substantial number of data requests simultaneously. For example, the attacker might make thousands of requests to download a specific file, causing the server to slow to a crawl.
A protocol DDoS attack targets the victim’s network, targeting server resources of a different nature. For example, a protocol attack might overburden a firewall or load balancer, causing them to cease operation.
A volumetric DDoS attack can work similarly to an application layer attack, flooding the target server with requests, but with a modifier that can amplify the number of simultaneous requests.
DNS Amplification is one of the most common types of DDoS attack, and is a prime example of a volumetric attack. When the attacker makes a request to a DNS server, it includes a spoofed source address, often the IP address of the target itself. Each response goes back to the target IP address instead of to the attacker, and because a DNS response can be far larger than the request that triggered it, the traffic reaching the target is amplified.
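From the target's side, DNS amplification shows up as DNS responses that answer no query the target ever sent. The sketch below is an added example, not part of the original article: it flags that pattern in a list of packet records. The record fields, the thresholds, and the sample capture are all constructed assumptions.

```python
from collections import defaultdict

DNS_PORT = 53

def unsolicited_dns_responses(packets):
    """Yield inbound DNS responses that match no query the host sent."""
    pending = set()  # (client_ip, resolver_ip, txid) for queries seen leaving
    for p in packets:
        if p["dport"] == DNS_PORT:                      # outbound query
            pending.add((p["src"], p["dst"], p["txid"]))
        elif p["sport"] == DNS_PORT:                    # inbound response
            key = (p["dst"], p["src"], p["txid"])
            if key in pending:
                pending.discard(key)                    # answers a real query
            else:
                yield p                                 # nobody asked for this

def detect_reflection(packets, window=10, min_responses=4):
    """Group unsolicited responses per (victim, time window) and flag floods."""
    buckets = defaultdict(lambda: {"responses": 0, "bytes": 0, "reflectors": set()})
    for p in unsolicited_dns_responses(packets):
        b = buckets[(p["dst"], int(p["ts"] // window))]
        b["responses"] += 1
        b["bytes"] += p["bytes"]
        b["reflectors"].add(p["src"])
    return [
        {"victim": victim, "window_start": w * window, "responses": b["responses"],
         "bytes": b["bytes"], "reflectors": len(b["reflectors"])}
        for (victim, w), b in sorted(buckets.items())
        if b["responses"] >= min_responses
    ]

def pkt(ts, src, sport, dst, dport, size, txid):
    return {"ts": ts, "src": src, "sport": sport, "dst": dst, "dport": dport, "bytes": size, "txid": txid}

# Constructed sample capture (documentation address ranges, invented sizes).
SAMPLE = [
    pkt(0.1, "192.0.2.10", 40000, "198.51.100.53", 53, 60, 1),   # legitimate query
    pkt(0.2, "198.51.100.53", 53, "192.0.2.10", 40000, 120, 1),  # its answer
] + [
    # Large responses from resolvers that 192.0.2.10 never queried.
    pkt(1.0 + i * 0.5, f"203.0.113.{i + 1}", 53, "192.0.2.10", 33000 + i, 3000, 9000 + i)
    for i in range(6)
]

if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE):
        print(alert)
```

The legitimate query and answer pair is matched and ignored, while the six unrequested responses are grouped into a single alert for the victim address.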