What Is a DDoS Attack?
A Distributed Denial-of-Service (DDoS) attack floods a target (a server, network, or service) with more traffic than it can handle, making it unavailable to legitimate users. Unlike a traditional DoS attack launched from a single source, DDoS attacks originate from thousands or millions of compromised devices (a botnet), making them far harder to block by IP.
Types of DDoS Attacks
| Category | Type | How It Works | Target |
|---|---|---|---|
| Volumetric | UDP Flood | Sends massive amounts of UDP packets to random ports, exhausting bandwidth | Network bandwidth |
| Volumetric | DNS Amplification | Uses open DNS resolvers to reflect/amplify traffic toward the victim (up to 70x amplification) | Network bandwidth |
| Volumetric | NTP Amplification | Exploits the NTP monlist command for up to 556x amplification | Network bandwidth |
| Protocol | SYN Flood | Sends SYN packets without completing the handshake, exhausting server connection tables | Server connection state |
| Protocol | Ping of Death / ICMP Flood | Overwhelms the target with ICMP echo requests | Network resources |
| Application Layer | HTTP Flood | Sends seemingly legitimate HTTP GET/POST requests at massive scale | Web server CPU/memory |
| Application Layer | Slowloris | Keeps HTTP connections open by sending partial headers slowly, exhausting the server's connection pool | Web server connections |
Who Is at Risk
DDoS attacks target online services that depend on availability: e-commerce sites (financial motivation), gaming servers (competitive disruption or extortion), financial institutions, and DNS providers. Even home users with static IPs can be targeted, usually by other gamers ("booting"). Attacks are available as paid DDoS-for-hire services ("booters" or "stressers") for as little as a few dollars, making them accessible to non-technical adversaries.
How to Defend Against DDoS
- Use a DDoS mitigation service (Cloudflare, Akamai, AWS Shield) that absorbs volumetric attacks upstream before they reach your infrastructure.
- Configure rate limiting and connection limits on your web server to slow application-layer attacks.
- Use anycast routing to distribute attack traffic across multiple data centres globally.
- Block known bad IP ranges and implement geographic blocking for regions you do not serve. Run a blacklist check on your own IP to verify it is not already flagged.
- As a home user: contact your ISP if targeted; they can null-route the attacked IP temporarily or assign you a new public IP.
- Use a VPN to hide your real IP in gaming and other high-risk contexts; attackers cannot target an IP they do not know.
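
To illustrate the rate-limiting and connection-limit item above, the following added example (not from the original article and not any particular web server's implementation) models a per-IP token bucket and a per-IP concurrent-connection cap, then replays constructed traffic through it. The class name, the parameters (5 requests/s, burst of 10, 20 connections) and the sample addresses are assumptions chosen for the demonstration.

```python
from collections import defaultdict

class PerClientLimiter:
    """Per-IP token bucket (request rate) plus a cap on concurrent connections.
    Times are integer milliseconds and tokens are stored in thousandths,
    so the arithmetic is exact."""

    def __init__(self, rate_per_s, burst, max_conns):
        self.rate = rate_per_s            # 1 token/s == 1 milli-token per ms
        self.cap = burst * 1000           # bucket capacity in milli-tokens
        self.max_conns = max_conns
        self.buckets = {}                 # ip -> (milli_tokens, last_seen_ms)
        self.conns = defaultdict(int)     # ip -> currently open connections

    def allow_request(self, ip, now_ms):
        tokens, last = self.buckets.get(ip, (self.cap, now_ms))
        # Refill for the elapsed time, never above the burst capacity
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        ok = tokens >= 1000               # one request costs one whole token
        self.buckets[ip] = (tokens - 1000 if ok else tokens, now_ms)
        return ok                         # False: reject (e.g. HTTP 429)

    def open_conn(self, ip):
        if self.conns[ip] >= self.max_conns:
            return False                  # client already holds too many sockets
        self.conns[ip] += 1
        return True

    def close_conn(self, ip):
        self.conns[ip] = max(0, self.conns[ip] - 1)

def replay(limiter, events):
    """events: (timestamp_ms, ip) pairs. Returns {ip: (allowed, rejected)}."""
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(events):
        stats[ip][0 if limiter.allow_request(ip, ts) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}

# Constructed traffic using documentation address ranges, not real hosts
FLOOD = [(i * 10, "198.51.100.7") for i in range(500)]    # 100 req/s for 5 s
NORMAL = [(i * 1000, "203.0.113.20") for i in range(5)]   # 1 req/s

def http_flood_demo():
    return replay(PerClientLimiter(5, 10, 20), FLOOD + NORMAL)

def held_connections_demo(attempts=50):
    # A client that opens connections and never closes them (Slowloris pattern)
    lim = PerClientLimiter(5, 10, 20)
    return sum(lim.open_conn("198.51.100.7") for _ in range(attempts))

if __name__ == "__main__":
    print(http_flood_demo(), held_connections_demo())
```

Per-IP limits like these only slow application-layer floods from individual sources; traffic spread across a large botnet or aimed at bandwidth still needs the upstream mitigation listed first.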