Distributed Denial-of-Service (DDoS)
A DDoS attack is a malicious attempt to disrupt the normal traffic of a server, service or network by overwhelming it with a flood of internet traffic.
A Distributed Denial-of-Service (DDoS) attack is a cyberattack designed to overwhelm a target system, service, or network with a flood of internet traffic, rendering it inaccessible to legitimate users. Unlike a simple Denial-of-Service (DoS) attack that originates from a single source, a DDoS attack leverages many compromised computer systems, collectively referred to as a botnet, to launch the attack simultaneously. This distributed nature makes it significantly harder to mitigate, because blocking a single IP address is ineffective. DDoS attacks can target different layers of the network stack: application layer attacks (e.g., HTTP floods) consume server resources, while network and transport layer attacks (e.g., SYN floods) exhaust network bandwidth or connection tables. The primary goal is disruption, causing financial losses, reputational damage, and service unavailability. Mitigation strategies include traffic scrubbing services, firewalls, intrusion prevention systems, rate limiting, and traffic analysis that distinguishes malicious traffic from legitimate requests.
graph LR
Center["distributed-denial-of-service-(ddos)"]:::main
Pre_cryptography["cryptography"]:::pre --> Center
click Pre_cryptography "/terms/cryptography"
Rel_distributed_systems["distributed-systems"]:::related -.-> Center
click Rel_distributed_systems "/terms/distributed-systems"
Rel_network_security["network-security"]:::related -.-> Center
click Rel_network_security "/terms/network-security"
Rel_data_breaches["data-breaches"]:::related -.-> Center
click Rel_data_breaches "/terms/data-breaches"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 Explain Like I'm 5
Imagine a store with only one door. A DDoS attack is like thousands of people trying to rush through that one door at the same time, blocking anyone who actually wants to buy something.
🤓 Expert Deep Dive
DDoS attacks exploit the inherent scalability and accessibility of internet protocols. Volumetric attacks, such as UDP floods, aim to saturate network bandwidth. Protocol attacks, like SYN floods, target stateful devices (e.g., firewalls, load balancers) by exhausting their connection tables. Application layer attacks, often HTTP floods or Slowloris, are more sophisticated, consuming application resources (CPU, memory) by making seemingly legitimate requests that are resource-intensive or incomplete. Botnets, often comprised of IoT devices, are common attack vectors due to their sheer numbers and often lax security. Advanced persistent threats (APTs) may use DDoS as a smokescreen for other malicious activities. Mitigation relies on a layered defense: network infrastructure (e.g., BGP Flowspec), specialized DDoS mitigation appliances or cloud services (scrubbing centers), and application-level defenses like Web Application Firewalls (WAFs) and rate limiting. Identifying attack signatures and anomalies in real-time is crucial.
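The two defensive measures this entry returns to repeatedly, rate limiting against application-layer floods and real-time anomaly detection against protocol attacks such as SYN floods, are shown below in working form. This is an added example written for this page, not code from the original entry or from any vendor product; all traffic in it is constructed sample data with documentation-range addresses (RFC 5737), and the `Packet` record, the 20-requests-per-second limit and the 25-half-open-connections threshold are arbitrary assumptions chosen for illustration.

```python
"""Added example (not from the original entry): two defender-side checks
for the attack classes described above, run over constructed sample traffic.

1. A per-source sliding-window rate limiter, the mechanism behind
   application-layer (HTTP flood) rate limiting.
2. A half-open-handshake counter per destination, the simplest
   signature of a SYN flood against a stateful device's connection table.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP packet record (constructed simplification)."""
    ts: float    # seconds since capture start
    src: str
    dst: str
    flags: str   # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key (e.g. source IP)."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)   # key -> timestamps inside the window

    def allow(self, key: str, ts: float) -> bool:
        q = self._events[key]
        # Evict timestamps that have fallen out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


# Constructed request log: "<ts> <src> <method> <path>". One source sends
# 50 requests in under a second; a second source sends three.
SAMPLE_REQUEST_LOG = (
    [f"{i * 0.02:.2f} 198.51.100.7 GET /search?q={i}" for i in range(50)]
    + [f"{0.3 + i * 0.1:.2f} 203.0.113.5 GET /index.html" for i in range(3)]
)


def apply_rate_limit(log_lines, limit: int = 20, window: float = 1.0) -> dict:
    """Return {src: {"allowed": n, "blocked": m}} after running the limiter over the log."""
    limiter = SlidingWindowLimiter(limit, window)
    decisions = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in sorted(log_lines, key=lambda l: float(l.split()[0])):
        ts, src, _ = line.split(maxsplit=2)
        verdict = "allowed" if limiter.allow(src, float(ts)) else "blocked"
        decisions[src][verdict] += 1
    return dict(decisions)


def build_sample_traffic() -> list:
    """Constructed capture: 40 spoofed sources send a SYN each and never finish the
    handshake; one legitimate client completes the three-way handshake."""
    pkts = [Packet(ts=i * 0.01, src=f"192.0.2.{i + 1}", dst="10.0.0.10", flags="S")
            for i in range(40)]
    pkts += [
        Packet(0.100, "203.0.113.5", "10.0.0.10", "S"),
        Packet(0.101, "10.0.0.10", "203.0.113.5", "SA"),
        Packet(0.102, "203.0.113.5", "10.0.0.10", "A"),
    ]
    return pkts


def half_open_peaks(packets, window: float, threshold: int) -> dict:
    """Return {dst: peak half-open handshake count} for destinations whose peak
    exceeded `threshold`. Entries older than `window` are expired, mirroring the
    SYN-RECEIVED timeout a real TCP stack applies."""
    pending = defaultdict(dict)   # dst -> {src: syn_ts}
    peaks = defaultdict(int)
    for p in sorted(packets, key=lambda p: p.ts):
        table = pending[p.dst]
        for src, t0 in list(table.items()):
            if p.ts - t0 >= window:
                del table[src]
        if p.flags == "S":
            table[p.src] = p.ts           # new half-open handshake
        elif p.flags == "A":
            table.pop(p.src, None)        # handshake completed, slot released
        peaks[p.dst] = max(peaks[p.dst], len(table))
    return {dst: n for dst, n in peaks.items() if n > threshold}


if __name__ == "__main__":
    print("rate limit verdicts:", apply_rate_limit(SAMPLE_REQUEST_LOG))
    print("SYN flood suspects:", half_open_peaks(build_sample_traffic(), window=5.0, threshold=25))
```

The limiter keys on the source address, which is exactly why it is only part of a layered defence: a botnet spreads requests across thousands of sources so that each stays under the limit, and a SYN flood can spoof its sources freely because it never needs the SYN-ACK to arrive. The half-open counter keys on the destination instead, so it still fires when every SYN comes from a different forged address; in practice the same measurement is what lets an upstream scrubbing service or a BGP Flowspec rule be triggered before the connection table fills.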