A Distributed Denial of Service (DDoS) attack floods a target server, service, or network with an overwhelming volume of traffic from multiple sources simultaneously. Unlike a standard DoS attack from a single source, DDoS attacks leverage distributed networks of compromised devices (botnets) to generate traffic volumes that cannot be mitigated by simply blocking one IP address. The goal is to exhaust the target's resources and render it unavailable to legitimate users.
How It Works
DDoS attacks operate at different layers of the network stack. Volumetric attacks flood the target's network bandwidth with massive amounts of traffic, often using amplification techniques in which small requests generate disproportionately large responses. DNS amplification and NTP amplification are common examples: attackers send requests spoofed to appear to come from the victim to public servers, which then deliver their much larger responses to the victim rather than to the attacker.
Protocol attacks exploit weaknesses in network protocols to consume server resources. SYN floods send a barrage of TCP connection initiation requests without completing the handshake, exhausting the server's connection table. Slowloris attacks keep many connections open simultaneously by sending partial HTTP requests, tying up server resources without requiring high bandwidth.
Application-layer attacks target specific services with requests that appear legitimate but are designed to consume disproportionate server resources. These attacks might target computationally expensive API endpoints, search functions, or database-heavy operations. Because the requests look like normal user traffic, application-layer attacks are harder to distinguish from legitimate usage and more difficult to filter.
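As an added example, not code from the original page, the following Python flags two of the patterns described above, a SYN flood (many half-open connections from many sources) and DNS amplification (large reflector replies the victim never asked for), from constructed flow records. The field names, thresholds and sample addresses are assumptions for illustration.

```python
from collections import defaultdict, namedtuple

# Reflector services the page names as common amplification vectors
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}
# One unidirectional flow record (roughly a NetFlow/IPFIX export). proto is "tcp"/"udp";
# flags holds TCP flags seen ("S" = SYN only, "A" = ACK present) and is "" for UDP.
Flow = namedtuple("Flow", "src dst proto sport dport flags nbytes")

def half_open_connections(flows, target):
    """Return (half-open count, distinct sources): SYNs to target never followed by an
    ACK from the same source socket. Many of these from many sources is a SYN flood."""
    syns, acks = set(), set()
    for f in flows:
        if f.proto != "tcp" or f.dst != target:
            continue
        if f.flags == "S":
            syns.add((f.src, f.sport))
        elif "A" in f.flags:
            acks.add((f.src, f.sport))
    half_open = syns - acks
    return len(half_open), len({src for src, _ in half_open})

def amplification_ratios(flows, target):
    """Per reflector service, bytes the target received from that port divided by bytes it
    sent to it. Spoofed requests mean big DNS/NTP replies arrive for queries never made."""
    inbound, outbound = defaultdict(int), defaultdict(int)
    for f in flows:
        if f.proto == "udp" and f.dst == target and f.sport in REFLECTOR_PORTS:
            inbound[REFLECTOR_PORTS[f.sport]] += f.nbytes
        elif f.proto == "udp" and f.src == target and f.dport in REFLECTOR_PORTS:
            outbound[REFLECTOR_PORTS[f.dport]] += f.nbytes
    return {svc: inbound[svc] / max(outbound[svc], 1) for svc in inbound}

def assess(flows, target, min_half_open=100, min_sources=50, min_ratio=10.0):
    """Thresholds are illustrative assumptions; tune them to the link's normal baseline."""
    half_open, sources = half_open_connections(flows, target)
    findings = []
    if half_open >= min_half_open and sources >= min_sources:
        findings.append(f"syn_flood:{half_open} half-open from {sources} sources")
    for svc, ratio in amplification_ratios(flows, target).items():
        if ratio >= min_ratio:
            findings.append(f"{svc.lower()}_amplification:ratio={ratio:.0f}")
    return findings

# Constructed sample traffic toward TARGET (RFC 5737 documentation addresses throughout)
TARGET = "203.0.113.10"
SAMPLE = [Flow("198.51.100.7", TARGET, "tcp", 40000, 443, "S", 60),       # one real client...
          Flow("198.51.100.7", TARGET, "tcp", 40000, 443, "A", 52)]       # ...completes its handshake
SAMPLE += [Flow(f"198.51.100.{i}", TARGET, "tcp", 50000 + i, 443, "S", 60) for i in range(1, 201)]  # spoofed SYNs
SAMPLE += [Flow(f"192.0.2.{i % 250 + 1}", TARGET, "udp", 53, 33000 + i, "", 3000) for i in range(150)]  # reflected DNS
SAMPLE.append(Flow(TARGET, "192.0.2.1", "udp", 33001, 53, "", 60))        # the only query the target sent
```

Running `assess(SAMPLE, TARGET)` reports both findings, while the two legitimate handshake records alone report nothing.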
Why It Matters
DDoS attacks directly target availability, one of the three pillars of the CIA triad. The financial impact includes lost revenue during downtime, emergency mitigation costs, and potential SLA penalties. Security assessments evaluate an organization's DDoS resilience by reviewing infrastructure architecture, CDN configuration, rate limiting policies, and incident response procedures to ensure the organization can withstand and recover from volumetric attacks.