Prosopo Logo

Glossary

Learn about product and technical terms, and get their definitions in our Glossary.

Table of Contents

DDoS (Distributed Denial of Service)

Distributed Denial of Service (DDoS) attacks use multiple compromised systems to target a single system, causing disruption by overwhelming the target's resources and bandwidth, rendering it unavailable to intended users.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple sources. Unlike a simple Denial of Service (DoS) attack that uses a single computer and internet connection, DDoS attacks leverage multiple compromised systems (often thousands) as sources of attack traffic, making them much more difficult to mitigate.

How DDoS Attacks Work

DDoS attacks function by exploiting the inherent limitations of network resources:

  1. Botnet creation: Attackers first build networks of infected computers (botnets) by spreading malware
  2. Command and control: The attacker remotely controls these infected devices (often without the owners' knowledge)
  3. Target selection: The attacker identifies a victim and the type of attack to deploy
  4. Coordinated attack: All compromised devices are instructed to send requests to the target simultaneously
  5. Resource exhaustion: The target becomes overwhelmed with traffic, legitimate requests can't be processed

Common Types of DDoS Attacks

DDoS attacks come in various forms, each targeting different vulnerabilities:

Volume-Based Attacks

  • UDP floods: Sending large numbers of UDP packets to random ports
  • ICMP floods: Overwhelming targets with ICMP echo request packets
  • TCP floods: Sending massive amounts of TCP packets to exhaust server resources
  • Amplification attacks: Using DNS, NTP, or SMURF amplification to multiply traffic volume

Protocol Attacks

  • SYN floods: Exploiting TCP handshake by sending SYN packets without completing connections
  • Fragmented packet attacks: Sending malformed or fragmented packets that can't be reassembled
  • Ping of Death: Sending malformed or oversized ping packets

Application Layer Attacks

  • HTTP floods: Overwhelming web servers with seemingly legitimate HTTP GET or POST requests
  • Slow attacks: Establishing connections and keeping them open with minimal bandwidth
  • Zero-day attacks: Exploiting unknown application vulnerabilities

Impact of DDoS Attacks

DDoS attacks can have severe consequences for organizations:

Business Disruption

  • Service unavailability causing lost revenue
  • Customer dissatisfaction and damaged reputation
  • Operational disruptions affecting internal systems

Financial Costs

  • Direct revenue losses during downtime
  • Recovery and mitigation expenses
  • Potential contractual penalties for SLA violations
  • Investment in additional security infrastructure

Security Implications

  • Often used as smokescreens for other attacks
  • May expose system vulnerabilities during recovery
  • Can lead to data breaches in some scenarios

DDoS Protection Strategies

Organizations employ multiple layers of defense against DDoS attacks:

Network Level Protection

  • Traffic analysis: Establishing traffic baselines and monitoring for anomalies
  • Rate limiting: Restricting the number of requests from single sources
  • Traffic filtering: Using routers and firewalls to block suspicious traffic patterns
  • Anycast network diffusion: Distributing traffic across multiple data centers

Cloud-Based Protection

  • DDoS scrubbing services: Redirecting traffic through "cleaning centers" before it reaches the target
  • Content Delivery Networks (CDNs): Distributing load across geographically dispersed servers
  • Traffic diversion: Routing traffic away from the target during attacks

Application Level Protection

  • Web application firewalls: Filtering malicious HTTP traffic
  • API gateway throttling: Limiting request rates to APIs
  • CAPTCHA systems: Differentiating between human users and bots
  • Challenge-response mechanisms: Requiring proof of legitimate intent

Detection and Response

Effective DDoS mitigation requires prompt detection and action:

Warning Signs

  • Unusual traffic spikes
  • Server performance degradation
  • High amounts of traffic from single IP ranges or unusual geographies
  • Abnormal patterns in network packet information

Response Procedures

  • Incident response team activation: Engaging security personnel immediately
  • Traffic filtering: Implementing emergency filters on network equipment
  • Service scaling: Rapidly expanding resources to absorb attack
  • Communication: Notifying stakeholders and potentially law enforcement
  • Post-attack analysis: Identifying attack patterns for future prevention

The Relationship Between DDoS and Bot Protection

DDoS attacks and bot activities represent overlapping threats:

  • Both utilize automated processes to execute attacks
  • Bot protection systems can help identify and block DDoS traffic
  • CAPTCHA and behavioral analysis serve as protection against both threats
  • Traffic pattern analysis helps detect both malicious bots and DDoS attacks

DDoS attacks are illegal in most jurisdictions:

  • Treated as criminal offenses under computer crime legislation
  • Penalties include substantial fines and imprisonment
  • International cooperation frameworks exist for cross-border attacks
  • Reporting procedures typically involve law enforcement and national CERTs

The landscape of DDoS attacks continues to evolve:

Emerging Attack Vectors

  • IoT device exploitation for larger botnets
  • AI-powered adaptive attacks that change patterns during the attack
  • 5G networks enabling higher-bandwidth attacks
  • Layer 7 (application layer) attacks becoming more sophisticated

Advancing Defenses

  • Machine learning for faster anomaly detection
  • Automated mitigation with minimal human intervention
  • Blockchain-based verification systems
  • Edge computing security improving response times

DDoS attacks remain a significant threat in the cybersecurity landscape, requiring organizations to maintain vigilant monitoring and multi-layered defense strategies to protect their digital assets and ensure service availability.

Related Terms

Bot protection

Cybersecurity

Network security

Web security

Botnet

Ready to ditch Google reCAPTCHA?
Start for free today. No credit card required.
Get started →