What Is a DDoS Attack?
A DDoS attack doesn't break into a system — it buries it, flooding a target with so much traffic that legitimate users can't get through.
Denial of service
A denial-of-service (DoS) attack aims to make a service unavailable by overwhelming it. A distributed denial-of-service (DDoS) attack does this from many sources at once, which makes it far more powerful and much harder to block, since the flood comes from thousands of different addresses rather than one.
Where the traffic comes from
Attackers typically command a botnet — a network of compromised computers and internet-connected devices infected with malware. The owners often have no idea their device is participating. On command, all these machines send traffic to the target simultaneously. The rise of poorly secured smart devices has made large botnets easier to assemble.
Types of attack
- Volumetric: sheer bandwidth, saturating the target's connection.
- Protocol: exhausting resources like connection tables on servers or firewalls.
- Application-layer: targeting specific, expensive operations to tie up a server with seemingly legitimate requests.
How targets defend themselves
Defenses focus on absorbing and filtering the flood: large content delivery networks and specialized DDoS-mitigation services soak up attack traffic across huge distributed capacity, distinguish malicious traffic from real users, and keep the service online. Because these providers operate at enormous scale, they can withstand attacks that would instantly overwhelm a single server.
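The Python sketch below is an added example, not part of the original article. It shows why a flood spread across many addresses is harder to filter than one from a single address: a per-source request limit flags the single-source flood but nothing in the distributed one, while an aggregate per-path count, reported with the number of distinct sources, catches both. The request records, the addresses (documentation ranges), the /home and /search paths and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 20     # assumed: max requests per source in one time window
PER_PATH_LIMIT = 200  # assumed: max total requests per path in one time window

def analyze(requests, per_ip_limit=PER_IP_LIMIT, per_path_limit=PER_PATH_LIMIT):
    """requests: iterable of (source_ip, path) seen in one time window.

    Returns (noisy_ips, hot_paths): the sources over the per-source limit,
    and {path: distinct_source_count} for paths over the aggregate limit.
    """
    per_ip, per_path = Counter(), Counter()
    sources = defaultdict(set)
    for ip, path in requests:
        per_ip[ip] += 1
        per_path[path] += 1
        sources[path].add(ip)
    noisy_ips = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    hot_paths = {p: len(sources[p]) for p, n in per_path.items() if n > per_path_limit}
    return noisy_ips, hot_paths

# --- Constructed sample traffic (not real logs) ---
def baseline():
    # 40 ordinary visitors, 3 page views each
    return [(f"198.51.100.{i}", "/home") for i in range(40) for _ in range(3)]

def single_source_flood():
    # DoS: one address sends 500 requests to an expensive endpoint
    return baseline() + [("203.0.113.7", "/search")] * 500

def distributed_flood():
    # DDoS: the same 500 requests, but 250 sources send only 2 each,
    # so every individual source looks like a light, legitimate user
    return baseline() + [(f"192.0.2.{s % 250}", "/search") for s in range(500)]

if __name__ == "__main__":
    for name, traffic in [("baseline", baseline()),
                          ("single-source", single_source_flood()),
                          ("distributed", distributed_flood())]:
        noisy, hot = analyze(traffic)
        print(f"{name:14} per-source flags: {sorted(noisy)}  hot paths: {hot}")
```

A hot path with one source can be handled by blocking that address; a hot path with hundreds of sources, none over the per-source limit, is the case that calls for the traffic filtering and distributed capacity described above.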
What it means for individuals
Most people never face a DDoS, but two lessons apply to everyone. First, securing your own devices (updating firmware, changing default passwords) helps keep them out of botnets. Second, exposing your personal IP address to hostile strangers — a risk for some gamers and streamers — can invite small-scale attacks, which is one practical reason a VPN's shared address can be worth using.