Distributed Denial-of-Service (DDoS)
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to overwhelm a server, service, or network with a flood of internet traffic, making it unavailable to intended users.
Attack Types:
1. Volumetric (ICMP, UDP).
2. Protocol (SYN Flood, Ping of Death).
3. Application-layer (HTTP GET/POST).
Defenses: CDN, WAF, Scrubbing, Anycast, IP Reputation.
🧒 Explain Like I'm 5
Imagine you are trying to walk into a store, but 1,000 people who have no intention of buying anything are standing in the doorway, blocking you and shouting. Because there are so many of them, the store owner can’t push them all out at once, and you can’t get in to buy your groceries. That store is 'denied service'.
🤓 Expert Deep Dive
Technically, DDoS attacks are classified by the OSI layer they target. 'Volumetric' attacks (L3/L4) like UDP Floods or DNS Amplification aim to fill the target's network capacity. 'Protocol' attacks (e.g., SYN Floods) exploit weaknesses in the TCP handshake, filling up the server's 'Connection Tables'. 'Application Layer' attacks (L7), such as HTTP Floods, are more surgical; they mimic real user behavior to exhaust server CPU or RAM by requesting expensive resources like heavy database searches. Mitigation requires a combination of 'Anycast' routing to spread the load, 'Scrubbing Centers' to filter packets, and 'Rate Limiting' to prevent any single source from taking too much capacity. Modern attackers often use 'Multi-vector' attacks, switching between layers to bypass defenses.
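The rate limiting described above, sketched as an added example (not code from the original page): a per-source token bucket that charges expensive requests more, so a source hammering a heavy endpoint is cut off sooner than one browsing normally. The paths, costs, addresses and limiter parameters are constructed for illustration.

```python
# Constructed request costs (hypothetical paths): expensive endpoints drain faster.
ROUTE_COST = {"/search": 5.0}
DEFAULT_COST = 1.0

class PerSourceLimiter:
    """Token bucket per source address; each request is charged its route cost."""

    def __init__(self, rate, burst, idle_ttl=60.0):
        self.rate = rate          # tokens refilled per second
        self.burst = burst        # bucket capacity
        self.idle_ttl = idle_ttl  # seconds before an idle source's state is dropped
        self.buckets = {}         # source -> [tokens, last_seen]

    def allow(self, source, path, now):
        cost = ROUTE_COST.get(path, DEFAULT_COST)
        bucket = self.buckets.setdefault(source, [self.burst, now])
        # Refill for the elapsed time, never above the burst capacity.
        bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] < cost:
            return False
        bucket[0] -= cost
        return True

    def evict_idle(self, now):
        """Drop idle sources so the limiter's own table cannot grow without bound."""
        stale = [s for s, (_, seen) in self.buckets.items() if now - seen > self.idle_ttl]
        for s in stale:
            del self.buckets[s]
        return len(stale)

def replay(limiter, requests):
    """requests: (timestamp, source, path) tuples -> {source: [allowed, denied]}."""
    result = {}
    for ts, source, path in sorted(requests):
        counts = result.setdefault(source, [0, 0])
        counts[0 if limiter.allow(source, path, ts) else 1] += 1
    return result

def constructed_traffic():
    """Sample input built for this example (documentation-range addresses)."""
    flood = [(i / 20, "198.51.100.7", "/search") for i in range(20)]
    normal = [(float(i), "203.0.113.9", "/") for i in range(5)]
    return flood + normal

if __name__ == "__main__":
    print(replay(PerSourceLimiter(rate=2.0, burst=10.0), constructed_traffic()))
```

A per-source cap bounds what each address can consume but not the aggregate from many addresses, which is why it is combined with Anycast and scrubbing rather than used alone.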