Distributed Denial of Service Attack


A Distributed Denial of Service (DDoS) attack is a malicious attempt to make a target, such as a server, website, or network, unavailable to its intended users by overwhelming it with traffic from many systems at once. The attacking machines, collectively known as a botnet, are usually ordinary computers and devices that have been compromised by malware (often a Trojan) and can be directed remotely by the attacker.

Typically, the attacker's goal is to interrupt or suspend the services of a host connected to the internet. This is achieved by flooding the target, or the infrastructure around it, with more traffic than it can handle. The flood may consist of ordinary-looking requests, connection attempts that are never completed, or malformed and spoofed packets.

In a DDoS attack, the traffic flooding the victim originates from many different sources, potentially hundreds of thousands or more, and at the network layer the source addresses may also be spoofed. Blocking a single IP address therefore accomplishes nothing, and because each individual source may send only a modest amount of traffic, it is very difficult to distinguish legitimate users from attack traffic spread across so many points of origin.
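The following added example (not code from the original article) makes the point above concrete. It puts a per-source rate limiter in front of two synthetic floods of 100,000 requests in one second, one from a single address and one spread over 5,000 addresses, and compares that with what the target itself experiences. The per-source limit of 100 requests per second and the addresses used are assumptions for the illustration.

```python
"""Why blocking or rate-limiting individual addresses fails against a distributed flood.

Added illustration, not code from the original article. Both floods below are
synthetic: 100,000 requests arriving within one second, either from a single
address or spread over 5,000 addresses. LIMIT is an assumed per-source policy.
"""
import ipaddress
from collections import defaultdict, deque

LIMIT = 100      # requests any one source may send per WINDOW seconds (assumed policy)
WINDOW = 1.0


def per_source_limiter(requests, limit=LIMIT, window=WINDOW):
    """Sliding-window counter keyed by source IP. Returns (passed, dropped)."""
    recent = defaultdict(deque)      # src -> timestamps of accepted requests in window
    passed = dropped = 0
    for ts, src in sorted(requests):
        q = recent[src]
        while q and ts - q[0] >= window:   # forget requests older than the window
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def peak_aggregate_rate(requests, window=WINDOW):
    """Most requests the target itself saw in any window, regardless of source."""
    times = sorted(ts for ts, _ in requests)
    peak = j = 0
    for i, start in enumerate(times):
        while j < len(times) and times[j] - start < window:
            j += 1
        peak = max(peak, j - i)
    return peak


def single_source_flood(total, src="198.51.100.7"):
    """`total` requests spread evenly over one second from one address."""
    return [(i / total, src) for i in range(total)]


def distributed_flood(total, sources, first="10.0.0.0"):
    """The same `total` requests, spread evenly over `sources` addresses."""
    base = int(ipaddress.IPv4Address(first))
    return [(i / total, str(ipaddress.IPv4Address(base + i % sources)))
            for i in range(total)]


if __name__ == "__main__":
    for name, flood in (("single source", single_source_flood(100_000)),
                        ("5,000 sources", distributed_flood(100_000, 5_000))):
        passed, dropped = per_source_limiter(flood)
        print(f"{name}: limiter passed {passed}, dropped {dropped}; "
              f"target saw {peak_aggregate_rate(flood)} req/s")
```

Against the single-source flood the limiter drops 99,900 of 100,000 requests. Against the distributed flood every source stays at 20 requests per second, well under the limit, so all 100,000 reach the target, which is why the target-side aggregate rate, not a per-address count, is the signal to watch.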

DDoS attacks can be broadly divided into three types:

  1. Volume Based Attacks: These attacks aim to saturate the bandwidth of the target or its upstream links with sheer volume of data, and their size is measured in bits per second. Examples include ICMP floods and UDP floods.
  2. Protocol Attacks: These attacks exhaust the processing capacity and connection state tables of the target servers and of intermediate equipment such as firewalls and load balancers, rather than raw bandwidth. Their size is usually measured in packets per second. Examples include SYN floods (which leave large numbers of half-open connections), fragmented packet attacks, and Ping of Death.
  3. Application Layer Attacks: These are the most sophisticated attacks and target specific web applications, typically their most expensive operations, with what look like legitimate requests. Their size is measured in requests per second. They are the hardest to detect and mitigate because they mimic normal user behaviour and need far less bandwidth to cause damage. Examples include HTTP floods and Slowloris, which ties up a server's connection pool by holding many connections open with deliberately slow, incomplete requests.
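To show how the three classes look different on the wire, here is an added example (not code from the original article) that triages one second of constructed flow records with one heuristic per class: total bits against link capacity for volume-based attacks, the share of half-open SYNs among TCP flows for protocol attacks, and per-path request rates far above baseline for application-layer attacks. The link capacity, baseline rates, thresholds and addresses are assumed values for the illustration, not measurements from a real network.

```python
"""Triage one second of traffic into the three DDoS classes named above.

Added example, not code from the article. All traffic below is constructed
in-line; the thresholds (LINK_BPS, SYN ratio, 10x path baseline) are assumed
operational values, not measurements from a real network.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str        # "tcp", "udp" or "icmp"
    src: str          # source address as seen on the wire (may be spoofed)
    dport: int
    flags: str        # TCP only: "S" = SYN never answered (half-open), "A" = established
    nbytes: int       # bytes carried by this flow during the interval
    path: str = ""    # HTTP request path on established web flows, else ""


LINK_BPS = 1_000_000_000                        # 1 Gbit/s uplink of the site (assumed)
BASELINE = {"/index.html": 50, "/search": 5}    # normal requests/s per path (assumed)


def _addr(base: str, i: int) -> str:
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(base)) + i))


def classify(flows, baseline, link_bps=LINK_BPS):
    """Return {class: details} for every attack class whose heuristic fires."""
    findings = {}

    # 1. Volume-based: does the interval's byte count approach link capacity?
    bits = 8 * sum(f.nbytes for f in flows)
    if bits > 0.9 * link_bps:
        by_proto = Counter()
        for f in flows:
            by_proto[f.proto] += f.nbytes
        findings["volumetric"] = {"gbit_per_s": round(bits / 1e9, 2),
                                  "dominant_proto": by_proto.most_common(1)[0][0]}

    # 2. Protocol: half-open SYNs dominate TCP flows (connection-table exhaustion).
    tcp = [f for f in flows if f.proto == "tcp"]
    syn_only = sum(1 for f in tcp if f.flags == "S")
    if syn_only >= 1000 and syn_only / len(tcp) >= 0.8:
        findings["protocol"] = {"half_open_syns": syn_only,
                                "syn_ratio": round(syn_only / len(tcp), 3)}

    # 3. Application layer: one path far above its baseline rate, spread over
    #    many sources so that each source alone looks like a normal client.
    reqs = [f for f in flows if f.path]
    for path, n in Counter(f.path for f in reqs).items():
        if n > 10 * baseline.get(path, 1):
            per_src = Counter(f.src for f in reqs if f.path == path)
            findings.setdefault("application", {})[path] = {
                "requests": n,
                "distinct_sources": len(per_src),
                "max_per_source": max(per_src.values()),
            }
    return findings


def normal_traffic():
    """Constructed baseline: 50 page views, 5 searches, 5 handshakes in progress."""
    flows = [Flow("tcp", _addr("192.0.2.0", i), 443, "A", 1500, "/index.html") for i in range(50)]
    flows += [Flow("tcp", _addr("192.0.2.0", i), 443, "A", 1500, "/search") for i in range(5)]
    flows += [Flow("tcp", _addr("192.0.2.0", 100 + i), 443, "S", 60) for i in range(5)]
    return flows


def udp_flood(sources):
    """Volume-based: ten 1400-byte UDP datagrams per source at a closed port."""
    return [Flow("udp", _addr("10.0.0.0", i), 53, "", 14_000) for i in range(sources)]


def syn_flood(syns):
    """Protocol: one unanswered 60-byte SYN each from `syns` spoofed sources."""
    return [Flow("tcp", _addr("172.16.0.0", i), 443, "S", 60) for i in range(syns)]


def http_flood(sources):
    """Application layer: 2 requests/s per source to the expensive /search path."""
    return [Flow("tcp", _addr("100.64.0.0", i), 443, "A", 500, "/search")
            for i in range(sources) for _ in range(2)]


if __name__ == "__main__":
    for label, extra in (("normal", []), ("udp flood", udp_flood(10_000)),
                         ("syn flood", syn_flood(50_000)), ("http flood", http_flood(5_000))):
        print(label, classify(normal_traffic() + extra, BASELINE))
```

Note the contrast in size: the UDP flood needs over a gigabit to register, the SYN flood trips the protocol heuristic with about 24 Mbit of tiny packets, and the HTTP flood is only a few hundred kilobytes per second while each of its 5,000 sources sends just two requests, below any sensible per-client limit. That is what the text means by application-layer attacks needing far less bandwidth and mimicking normal users.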

DDoS attacks are a major security threat and are becoming increasingly common, driven by the proliferation of IoT devices, many of which have poor security and are easily recruited into botnets, and by the availability of DDoS-for-hire services that put large attacks within reach of unskilled actors. They are often motivated by a desire to disrupt the target rather than by direct personal gain, but they are also used to extort victims, as a distraction from other malicious activity such as data theft, or to gain a competitive advantage by taking a rival offline.