
DDoS Attack

A distributed denial of service attack overwhelms target resources with traffic or requests so legitimate users cannot access services.

What is a DDoS attack?

A DDoS attack is an offensive action in which many compromised or rented systems flood a target with traffic or requests, degrading or denying service to legitimate users. The distributed nature increases the attacker's capacity, spreads the load across many source addresses so that blocking any one of them achieves little, and makes attribution harder. Attacks can target network bandwidth, server compute, connection state, application endpoints, or a combination of these. Well-known incidents illustrate the range from infrastructure-scale outages to tactical disruption of specific services: the 2016 attack on the DNS provider Dyn made many unrelated sites unreachable by targeting the name resolution they depended on, and the Mirai botnet behind it was built from consumer IoT devices taken over through default credentials. DDoS is both a tool for opportunistic disruption and a technique inside broader campaigns, for example as a distraction while an intrusion is under way.

How does it typically work?


  1. Recruitment: attackers compromise many devices to build a botnet, or rent capacity from an existing botnet or booter service.
  2. Command: a controller instructs the distributed agents to generate traffic or requests toward a target.
  3. Amplification (optional): attackers send small requests with the victim's spoofed source address to intermediary services or misconfigured servers, which reply to the victim with much larger responses, multiplying the traffic.
  4. Saturation: the target's network bandwidth, connection state, or application resources are consumed, causing slowdown or outage.
  5. Persistence and adaptation: attackers change vectors, sources, and request patterns to evade mitigations and sustain pressure.

Common techniques & variants


  • Volumetric attack: saturates the target's network bandwidth with high-volume packets or streams. UDP floods and large-scale traffic spikes are examples; these are measured in bits per second.
  • Protocol or state-exhaustion attack: targets network infrastructure and servers by exhausting packet-handling or connection-state capacity rather than raw bandwidth. SYN floods, which fill half-open connection tables, and ICMP floods are examples; these are measured in packets per second.
  • Application-layer attack: sends valid-looking requests to web or API endpoints to exhaust server resources or backend connections. HTTP floods and slow-request techniques (holding connections open with partial requests) fit here; these are measured in requests per second and are the hardest to tell apart from legitimate traffic.
  • Amplification attack: uses third-party servers to multiply traffic toward the victim. The attacker sends small spoofed requests, and the reflector's larger replies go to the victim; DNS and NTP amplification are examples, and the ratio of reply size to request size is the amplification factor.
  • Multi-vector attack: combines volumetric, state-exhaustion, and application-layer methods, often switching between them, to overwhelm defenses and complicate mitigation.
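The vectors above leave different fingerprints in flow telemetry, and a defender usually has to recognise which one is in play before choosing a mitigation. The following is an added example, not code from the original page: a small classifier over constructed NetFlow-style records (per source, protocol and port, with packet, byte and TCP-flag tallies) that flags a volumetric flood by inbound bit rate, a SYN flood by the SYN-to-ACK ratio spread across many sources, and reflection/amplification by large UDP packets arriving from well-known reflector ports. The thresholds, the `Flow` record shape and the sample window are all illustrative assumptions.

```python
"""Classify one window of flow records by DDoS vector (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str            # source IP as seen by the victim
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    packets: int
    nbytes: int
    syn: int = 0        # TCP SYN packets without ACK (handshake attempts)
    ack: int = 0        # TCP packets carrying ACK (completed or ongoing sessions)


# Amplified traffic is reflected off these services, so it arrives *from* these ports.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}


def classify(flows, link_mbps=1000.0, window_s=60.0):
    """Return {vector: evidence} for the flows of one observation window.

    Illustrative thresholds (assumptions, not tuned values):
    - volumetric: inbound rate above 80% of link capacity
    - syn_flood: >=1000 SYNs, more than 10x the ACKs, from >=50 sources
    - amplification: >=1000 UDP packets from a reflector port averaging >=1000 bytes
    """
    findings = {}

    # Volumetric: total inbound bit rate versus link capacity.
    mbps = sum(f.nbytes for f in flows) * 8 / window_s / 1e6
    if mbps > 0.8 * link_mbps:
        findings["volumetric"] = {"mbps": round(mbps, 1),
                                  "sources": len({f.src for f in flows})}

    # SYN flood: many handshake attempts, few completions, spread across sources.
    tcp = [f for f in flows if f.proto == "tcp"]
    syn_total = sum(f.syn for f in tcp)
    ack_total = sum(f.ack for f in tcp)
    syn_sources = {f.src for f in tcp if f.syn > 0}
    if syn_total >= 1000 and syn_total > 10 * max(ack_total, 1) and len(syn_sources) >= 50:
        findings["syn_flood"] = {"syn": syn_total, "ack": ack_total,
                                 "sources": len(syn_sources)}

    # Amplification: UDP replies from reflector ports with a large mean packet size.
    by_service = defaultdict(lambda: {"packets": 0, "nbytes": 0, "reflectors": set()})
    for f in flows:
        if f.proto == "udp" and f.src_port in REFLECTOR_PORTS:
            e = by_service[REFLECTOR_PORTS[f.src_port]]
            e["packets"] += f.packets
            e["nbytes"] += f.nbytes
            e["reflectors"].add(f.src)
    for service, e in by_service.items():
        mean_pkt = e["nbytes"] / e["packets"]
        if e["packets"] >= 1000 and mean_pkt >= 1000:
            findings.setdefault("amplification", {})[service] = {
                "reflectors": len(e["reflectors"]),
                "mean_packet_bytes": round(mean_pkt),
            }
    return findings


def sample_flows():
    """Constructed window: 200 SYN-only sources, 40 DNS reflectors, one real client."""
    flows = [Flow(src=f"198.51.100.{i}", proto="tcp", src_port=40000 + i, dst_port=443,
                  packets=50, nbytes=3000, syn=50, ack=0) for i in range(200)]
    flows += [Flow(src=f"203.0.113.{i}", proto="udp", src_port=53, dst_port=33000 + i,
                   packets=500, nbytes=600_000) for i in range(40)]
    flows.append(Flow(src="192.0.2.10", proto="tcp", src_port=51000, dst_port=443,
                      packets=400, nbytes=200_000, syn=4, ack=396))
    return flows


if __name__ == "__main__":
    print(classify(sample_flows()))
    print(classify(sample_flows(), link_mbps=4.0))   # same window on a tiny link
```

On the constructed window the SYN flood and DNS reflection are both reported, while the roughly 3.3 Mbit/s of total traffic is far below a 1 Gbit/s link and so is not volumetric; rerunning with `link_mbps=4.0` shows the same traffic crossing the volumetric threshold, which is the point of keeping capacity a parameter: a "small" attack is volumetric relative to the link it lands on.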

Impact


DDoS attacks disrupt availability and can cause immediate revenue loss, reputational damage, and regulatory exposure when customer-facing services are down. Operationally, SecOps and network teams must detect traffic anomalies against a known baseline, apply rate limiting or divert traffic to scrubbing, and coordinate with upstream providers, since a volumetric attack that fills the ingress link cannot be mitigated from behind that link. Beyond the direct downtime, DDoS is also used as a smokescreen while attackers carry out intrusions or data theft, so a flood should not lead analysts to ignore other alerts. Recovery carries costs in mitigation services, incident response, and potential customer compensation. For defensive planning, an understanding of attack vectors, measured traffic baselines, and rehearsed runbooks is essential to minimise time to recovery.
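Detection against a baseline and rate limiting, both mentioned above, can be shown together on constructed traffic. The following is an added example, not code from the original page: per-second request counts from a quiet training period establish a robust baseline (median plus median absolute deviation), an interval is declared a flood when its count exceeds that baseline by a fixed number of deviations, and only during flagged intervals is a per-client token bucket applied to the requests. The traffic, the threshold multiplier and the bucket parameters are illustrative assumptions.

```python
"""Baseline-driven flood detection with per-client token-bucket limiting (added example)."""
import statistics
from collections import defaultdict


def baseline(counts):
    """Median and median absolute deviation (MAD) of per-interval request counts."""
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts) or 1.0  # avoid a zero scale
    return med, mad


def is_anomalous(count, med, mad, k=6.0):
    """True when count sits more than k robust standard deviations above the baseline
    (1.4826 * MAD estimates the standard deviation for normal-ish data)."""
    return count > med + k * 1.4826 * mad


class TokenBucket:
    """Per-client limiter: refills `rate` tokens per second up to `capacity`."""

    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.last = {}, {}

    def allow(self, client, now):
        tokens = self.tokens.get(client, self.capacity)
        tokens = min(self.capacity, tokens + (now - self.last.get(client, now)) * self.rate)
        self.last[client] = now
        if tokens >= 1:
            self.tokens[client] = tokens - 1
            return True
        self.tokens[client] = tokens
        return False


def run(requests, warmup_s, rate=5.0, burst=10, k=6.0):
    """requests: iterable of (timestamp_seconds, client_ip).

    Seconds before warmup_s train the baseline. For every later second the
    report records total requests, distinct sources, whether the second was
    flagged, and how many requests the limiter let through (all of them when
    the second is not flagged).
    """
    per_second = defaultdict(list)
    for ts, client in requests:
        per_second[int(ts)].append((ts, client))
    seconds = sorted(per_second)
    med, mad = baseline([len(per_second[s]) for s in seconds if s < warmup_s])
    bucket = TokenBucket(rate, burst)
    report = {}
    for s in seconds:
        if s < warmup_s:
            continue
        batch = per_second[s]
        flood = is_anomalous(len(batch), med, mad, k)
        allowed = sum(bucket.allow(c, ts) for ts, c in batch) if flood else len(batch)
        report[s] = {"total": len(batch), "sources": len({c for _, c in batch}),
                     "flood": flood, "allowed": allowed}
    return report


def sample_requests():
    """Constructed traffic: 65 s of 8-12 req/s from real clients, then 10 s in which
    300 bots each send 50 req/s on top of the normal load."""
    reqs = []
    for s in range(65):
        reqs += [(float(s), f"192.0.2.{i}") for i in range(8 + s % 5)]
    for s in range(65, 75):
        reqs += [(float(s), f"192.0.2.{i}") for i in range(10)]
        for b in range(300):
            reqs += [(float(s), f"198.51.{100 + b // 250}.{b % 250}")] * 50
    return reqs


if __name__ == "__main__":
    for sec, row in run(sample_requests(), warmup_s=60).items():
        print(sec, row)
```

The training seconds give a median of 10 requests/s with a MAD of 1, so anything above about 19 requests/s is flagged; the first flood second carries 15,010 requests and the limiter passes 3,010 of them (the 10 legitimate requests plus a 10-request burst per bot), settling at 1,510 per second afterwards. That steady state is the caveat worth noting: per-source limiting only shaves each bot down to the permitted rate, and 300 bots at 5 requests/s is still 150 times the normal load, which is why distributed attacks are pushed to upstream scrubbing or anycast capacity rather than handled solely at the origin.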

Further reading


  • Cloudflare: What is DDoS.
  • CISA: DDoS Guidance.
  • Akamai: State of the Internet security reports on DDoS.
  • Arbor Networks: DDoS threats overview.
  • US CISA and FBI: Dyn attack analysis.