DDoS: Distributed Denial of Service Attacks

A Distributed Denial of Service Attack is a type of cyber-attack where the perpetrator makes an online service unavailable by flooding it with requests. The goal is to disrupt, degrade or destroy the availability of the target system. 

There are many ways these types of attacks can be carried out, but they all have one thing in common: they send tons and tons of useless data (also called “flooding”) to overwhelm systems and cause them to stop responding appropriately. 

This post will outline some great tips on how you can protect your websites from DDoS attacks.

What is DDoS?

DDoS stands for Distributed Denial of Service. It is a type of attack where the hacker tries to make websites, servers, or other computer networks unavailable by overusing their resources until they are no longer available. 

This typically occurs when one person has used up all the bandwidth, memory, and processor time on another server/computer network so that legitimate users can’t use it anymore. 

Commonly, this means people try to reach your website but cannot, because the site has become too slow or unresponsive under excessive demand from malicious attackers, who try to take down whole systems by overloading them instead of just trying to break into them.

These attacks are usually extensive in scale and can be challenging to stop as the traffic is coming from multiple sources at once, making them hard to block or predict.

How Does a DDoS Attack Work?

There are several different ways that a DDoS attack can occur, but most of them involve flooding the target with too many requests per second.

Spoofing IP Addresses

A common technique is to spoof the IP address and send large amounts of traffic from multiple systems, so it appears as if all these sources are trying to access your site at once.

Using Bots Or Malware To Overload

Another way an attacker will overload you is by using bots or malware installed on thousands of computers without their owners’ knowledge (also known as “zombies”).

With this method, the flood includes not only regular users visiting your website but also automated scripts running continuously on each zombie system, making hundreds or even millions of requests every few seconds, which means they could easily take down any server!

These types of attacks are known as “botnet” or “zombie army” DDoS.

Sending Direct Traffic

A third way to perform a DDoS attack is by sending direct traffic from another service provider, like internet providers who sell access for content delivery networks (CDN) and other services that will overload your site if too many people try using them at once. 

This can be used because some hosting companies allow you to use their network infrastructure to deliver massive amounts of data quickly, raising the risk of having your website taken down due to overloading the network it’s on.

Why Are DDoS Attacks Used?

There are multiple reasons why a hacker may want to perform DDoS attacks. 


Suppose they manage to take control of your computer and use it as part of their botnet. In that case, the attacker can make money by using your system in exchange for payment from third parties that pay an affiliate commission on any revenue brought about through traffic generated from compromised systems. This type is called “ransomware.”

Personal Vendetta

Another reason someone might choose to carry out a DDoS attack against you is that they just plain don’t like you! There have been cases where hackers upload political messages or other controversial content (such as pornography) onto websites and services, which often brings legal issues with it because of its nature and because it violates most countries’ laws.

Once the hacker has gained control of a site/service, they can then use it to launch an attack against another server or website that the person who owns the content doesn’t like. 

Suppose you own a business and your competitor’s sites go down due to being overloaded by too many people trying to access them at once. In that case, this will give you a good advantage over the competition, as none of their potential customers would be able to do anything!


DDoS attacks are also used as part of extortion schemes where criminals try to extort money from websites by threatening DDoS unless paid off. This tactic is commonly known as “ransomware” because it holds owners to ransom by using threats such as notifying law enforcement officials about illegal activities found on their websites and the potential loss of revenue for running such services.


Other attacks can be used to sabotage a website or service by causing damage, vandalizing content on its pages, or injecting malicious code into it, which could lead users to dangerous sites that try to infect visitors’ computers with malware, and more!

This type of attack is called “defacement,” where hackers will change parts of your site so that no one might even notice something has changed unless they look closely enough at its source code, which often leads them to come across what appears as gibberish (also known as “hexdump”) strewn all over the affected files.

They may also add hidden links elsewhere on your page, leading people who click anywhere on the page away from you and towards their website.

Different Kinds of DDoS Attack Vectors

There are several different types of attacks that can be used to overload your site, which include:

UDP Flood Attacks 

This attack uses spoofed packets sent from the attacker’s machine(s) using false source addresses. These packets have their destination set to where they’re being sent but do not contain any actual content. The only thing found within is a “fake” sender address, which makes each packet appear to come from multiple locations at once. Receiving all of these packets on the other end will usually lead to one component of an application or service you use (such as your web server or database) having its resources drained more quickly than others, because it tries to process every single packet received without knowing which ones to discard as unneeded.

TCP Flood Attacks 

A flood attack that uses the Transmission Control Protocol (TCP) is structured around sending a series of requests using false source addresses, but with their destination set to where they are being sent. Hence, each packet appears different than previous packets. 

Because these types of attacks use real connection information, your router will see every one of them as good connections even though there has been no actual request made by anyone to initiate such communication between systems across the Internet. 

The only thing you may notice when receiving many thousands or millions of these kinds of packets at once is a vast number of entries appearing within seconds in your web server’s error log file, due to the router trying to process each one of them.

Layer Seven Attacks 

A layer seven attack uses an application or service that can generate attacks with content matching what would typically appear in regular requests made to any web server, but at extremely high volumes, which causes your site(s) to be overloaded due to receiving many more requests than they could handle within seconds! 

Since most servers are not capable of handling large numbers of simultaneous connections without falling behind on their request queue, attackers might use applications such as LOIC (Low Orbit Ion Cannon) to specify how much data should be sent per request, which would allow them to control how much bandwidth they use. 

They might also decide on using random headers, so the targets will have no idea who is attacking them or what’s being used to create requests with different content each time. There are several types of these kinds of attacks, such as Slowloris (which does not require a large number of requests) and RUDY (R U Dead Yet?).

Application Layer Attacks 

This type uses specifically crafted packets that target areas within an application where it can exhaust all available resources at once by sending many thousands, if not hundreds of thousands or millions, of requests until its infrastructure becomes overloaded and shuts down completely! These could be done through commonly known exploit vectors such as SQL injection attacks. For example, the attacker could send a single request that uses proper syntax to create an order of magnitude more requests.

Android DDoS Attacks 

This type of attack is done through applications found on Google Play which attackers use to launch DDoS attacks against any target they want since all it takes at this point is having someone download one of these apps onto their phone or tablet device and then have them use it! 

Once launched, the application will immediately begin sending SYN packets towards your web server’s address/port combination(s) until its infrastructure becomes overloaded due to receiving many thousands, if not millions, within seconds, making it impossible for legitimate visitors coming from search engines or other sources to ever establish a successful connection!

DNS Reflection Attacks 

A reflection attack uses the fact that if you spoof your source address and send thousands of packets at once to random targets, some might reply towards your spoofed address. Since this is not considered good practice, only those willing to risk legal action, or those behind an unresponsive ISP that doesn’t care enough about its customers’ actions, take advantage of these types of attacks, since they could be traced right back to them rather quickly.

Therefore, attackers will use large botnets instead, made up of hundreds of thousands, if not millions, of systems spread around different ISPs located in many different countries where local law enforcement agencies can’t go beyond their borders without approval from international law enforcement.

This is why most of these types of attacks come from Russia and China, for example, since their law enforcement agencies don’t do anything to stop them, but also because they have massive botnets capable of generating many requests at once!

How Do You Protect Against a DDoS Attack?

The best way to protect your system from DDoS attacks is by using a firewall. Cloudflare offers the best services when it comes to system and DNS security. Here is some great advice for protecting yourself from Distributed Denial of Service Attacks:

  • Addressing the root cause by blocking traffic at its source with blackhole routing (also known as null routing) will prevent any external users from accessing your site and create problems only within their networks instead. This technique involves using BGP filters to implement specific “null routes” so that specific IP addresses are blocked instantly if they attempt to visit. Read our article on How To Trace DDoS Attacks to learn more.
  • You can also implement a caching strategy that will create copies of static content stored in memory to prevent overloads on your server. This means there is less demand for each request, so they aren’t being sent out as frequently.
  • Use load balancing techniques with failover or other mechanisms designed to protect you from traffic floods by distributing the requests across multiple locations, machines, and networks at once, ensuring constant uptime even when under attack – something called “distributed denial of service” (DDoS). Splitting up different components into different servers with redundant systems will make it easier for them to handle large amounts of traffic without taking you down.
  • Finally, use anti-DDoS plugins with cloud computing tools like Amazon’s AWS, which will help you to stay online even during a DDoS attack. These types of systems allow you to handle large amounts of traffic by seamlessly distributing it across multiple servers and networks so you can remain up and running at all times, whether it’s intentional or not. It also helps manage your server resources efficiently while keeping costs low on bandwidth usage as well.
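
To make the null-routing advice above concrete, this added Python example (not code from this post or from any vendor) scans web server access log lines and lists source addresses whose request rate exceeds a threshold, as candidates for blocking. The common log format, the thresholds, the allowlist parameter and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Start of a common/combined-format access log line: client address and [timestamp].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (ip, timestamp), or None for a malformed line or invalid address."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, ts

def null_route_candidates(lines, window_s=10, max_requests=20, allowlist=()):
    """Addresses that sent more than max_requests within any window_s seconds."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(deque)  # ip -> request times still inside the window
    flagged = set()
    for parsed in map(parse, lines):
        if parsed is None:
            continue
        ip, ts = parsed
        if any(ip in net for net in allowed):  # never block monitors, proxies, CDN
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return [str(a) for a in sorted(flagged, key=lambda a: (a.version, int(a)))]

def sample_log():
    """Constructed sample lines using documentation address ranges, not real traffic."""
    fmt = '{} - - [10/Oct/2023:13:55:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format("203.0.113.7", i // 10) for i in range(30)]   # 30 hits in 3 s
    lines += [fmt.format("192.0.2.10", i // 10) for i in range(30)]   # uptime monitor
    lines += [fmt.format("198.51.100.20", s) for s in (1, 20, 40)]    # ordinary visitor
    lines.append("truncated line without the expected fields")
    return lines

if __name__ == "__main__":
    print(null_route_candidates(sample_log(), allowlist=["192.0.2.0/24"]))
```

Only traffic that completes an HTTP request shows up in an access log, and a null-routed address loses legitimate access too, so review the list before turning it into routes.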

Frequently Asked Questions 

Q. How much traffic is considered normal?

A. Generally speaking, most sites should aim for around 300GB per month, but if it’s not your site, it’s best to talk with the web hosting company where you’re located to find out what their bandwidth provisioning policies are. It’s also important to note that once a DDoS attack is underway, there may be nothing your ISP can do about it until the perpetrator stops their actions which could go on indefinitely!

Q. How much does it cost to defend against a DDoS attack?

A. The price for this type of protection varies depending on the nature and size of your site. For example, most web hosting companies provide DDoS prevention services in their Terms Of Service (ToS) when you sign up with them, but it’s best to double-check with one when you purchase your plan, so there are no surprises down the road!

Q. What is an ISP’s role in all of this?

A. Your Internet service provider’s responsibility is mainly limited to protecting themselves from attacks originating within their networks by taking advantage of black hole routing (Null routing). They usually don’t protect customers who subscribe with other ISPs unless they’re directly contracted since these types of attacks are usually the result of someone else’s actions!


A DDoS attack can do an incredible amount of damage to your company. The attack goes on for just a few minutes, but those few minutes are enough for the hackers to take every bit of information from your systems. That information can be sold on the darknet, which, trust me, you don’t want.

To protect your system from getting DDoSed, you can use security plugins and firewalls. A firewall is your best bet. Cloudflare provides top-of-the-line security against such attacks while keeping your internet speed up to the mark.
