What Is a DDoS (Distributed Denial-of-Service) Attack?

DDoS, meaning distributed denial-of-service, is a type of attack that takes a system or network offline for its users. It is a subclass of denial-of-service (DoS) attacks, which are designed specifically to shut down a network, and a DoS attack easily becomes a DDoS attack once more than one attacking system is involved. Like other forms of cyberattack, such as ransomware, the idea is to make important files, data, or documents inaccessible to users.

DDoS attacks do this by flooding a target network with so much traffic or data that it cannot function and crashes. A denial-of-service attack typically comes from only one network or system. A distributed denial-of-service attack, on the other hand, comes from many sources at once: multiple systems work together to synchronize a DoS attack on a single target.

What is a DDoS attack?

A DDoS attack is synchronized and carried out through networks of Internet-connected devices that have usually been infected with malware beforehand. This is what makes it possible for one hacker to execute a DDoS attack with many systems. Each infected computer or device can be directed to send traffic to the victim's IP addresses; the network under attack is overwhelmed and ends up denying service to all traffic, legitimate or not.

Think of it like a traffic jam: on big travel weekends, like Christmas or Thanksgiving, the highway is flooded with unexpected traffic and new traffic patterns, causing a backup for everyone, even the cars that travel that route every day.

Characteristics of DDoS attacks

In a DDoS attack the participating devices are otherwise legitimate ones that have been compromised, which makes it much harder to distinguish malicious traffic from normal web traffic. Furthermore, real, legitimate users are mixed into the same traffic, making it even more difficult to preemptively block the harmful activity.

This challenge for network owners is a benefit for hackers. Distributed denial-of-service attacks provide an easy way for hackers to disguise their attacks as normal traffic flow. Similarly, it’s harder to determine where the attack is coming from, since the attacking systems are from various locations. The widespread nature of the attack makes it difficult to shut down.

What makes DDoS attacks unique is that they don’t try to actually breach your security. The attack disables servers without brute force or hacking into your perimeters; it’s all done via methods that are, on the surface, legitimate. However, users and hosts will feel the effects of a DDoS attack just as they would with a different type of attack.

DDoS attacks vary in their length; sometimes they happen in large numbers of repeated assaults and sometimes they are just one overwhelming incident. The damage is detrimental either way. It can take months for a company to recover from a DDoS attack, which has long-term effects on a business.

Types of DDoS attacks

There are a number of different DDoS techniques, which makes these attacks difficult to understand and evade. However, DDoS attacks fall into three general categories.

Volumetric attacks

Volumetric attacks generate massive amounts of traffic through various methods to saturate the target's bandwidth. They create a digital traffic jam so that no more traffic can reach the site, keeping users out and harming the company's reputation and business.

Volumetric attacks are a brute-force method, consuming more bandwidth than the other two kinds of attack. They typically rely on IoT devices and botnets, networks of compromised devices that are controlled remotely and generate traffic without any human at the keyboard. These botnets flood the server with attack traffic faster than any one hacker could in real time, causing a shutdown for the victim.

Protocol attacks

Protocol attacks target a network's infrastructure, such as servers, firewalls, and load balancers. They bombard these devices with malicious connection requests until they can no longer function properly.

Whereas volumetric attacks are brute force, protocol attacks focus on targeting weaknesses in Internet communications protocols. Protocols are complex and updates are slow, meaning that vulnerabilities are often exposed for hackers to take advantage of in DDoS attacks.

Application attacks

Application attacks are more sophisticated attacks that exploit weaknesses in the application layer. They open connections and start processes that consume memory, disk space and other server resources, which again makes it so that sites or application servers can't work as they should.

As far as the techniques behind distributed denial-of-service (DDoS) attacks go, there are several to be aware of. Although knowing the methods a hacker may use won't necessarily help you prevent an attack, it is worth understanding the mechanics.

Specific DDoS attacks

UDP and ICMP floods

As the name implies, these volumetric attacks flood the host with User Datagram Protocol (UDP) packets or Internet Control Message Protocol (ICMP) echo requests (pings) in order to overpower the server or web application. Attackers often combine this with reflection: they forge the victim's IP address as the source of the requests, so that the replies are sent to the victim, whose bandwidth can't keep up.

DNS amplification attacks

Similarly, these are volumetric attacks that manipulate public DNS servers into sending large numbers of packets to the victim from many different sources. The attacker overwhelms the system with DNS lookup requests that carry the victim's forged source address. Each DNS server responds, and the amount of data returned to the victim's own DNS server causes a shutdown.

[Figure: DDoS attack diagram]

Ping of death attacks

Ping of death attacks are a type of protocol attack. A ping consists of packets of information delivered to the recipient. In a ping of death attack, the attacker sends oversized or malformed ping packets that exploit vulnerabilities in how the receiving system handles them, freezing or crashing the system.

HTTP flood attacks

These are a common kind of application-layer attack. They involve the web server and the HTTP traffic it serves more directly than other kinds of attacks. The attacker makes what look like innocuous requests to the web server, but they are actually intended to use up the server's resources.
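The article's point that attack traffic is hard to tell apart from legitimate traffic, and that an HTTP flood is made of requests that look innocuous on their own, can be made concrete with a small log analysis. The following Python script is an added example and is not code from the original article: it parses web server access-log lines in Combined Log Format, counts requests per one-second window, flags windows whose rate exceeds a baseline threshold, and reports whether the flood came from one source (a plain DoS) or from many low-rate sources (a DDoS). The log lines, the IP addresses (taken from the reserved documentation ranges) and the threshold values are all constructed assumptions, not observed data.

```python
"""Flag HTTP-flood windows in a web server access log and tell a
single-source DoS apart from a distributed one (DDoS).

Added illustration; not the article's own code.  The log lines are
constructed below, and the thresholds are assumptions to be tuned
against your own traffic baseline.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: client - user [timestamp] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TIME_FMT),
            "request": request, "status": int(status)}


def analyze(lines, window=1, rps_threshold=50, top_share=0.5):
    """Bucket requests into `window`-second slots and flag slots whose
    request rate exceeds `rps_threshold` (assumed baseline).  A flagged
    slot is "single-source" when one IP sends at least `top_share` of
    its requests, otherwise "distributed": many low-rate senders, the
    hallmark of a DDoS that per-IP blocking alone will not catch."""
    buckets = defaultdict(Counter)  # slot start -> requests per IP
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a real pipeline would count these too
        slot = int(rec["time"].timestamp()) // window * window
        buckets[slot][rec["ip"]] += 1

    findings = []
    for slot in sorted(buckets):
        per_ip = buckets[slot]
        total = sum(per_ip.values())
        if total / window <= rps_threshold:
            continue
        top_ip, top_count = per_ip.most_common(1)[0]
        kind = "single-source" if top_count / total >= top_share else "distributed"
        findings.append({"window_start": slot, "requests": total,
                         "distinct_ips": len(per_ip), "top_ip": top_ip,
                         "kind": kind})
    return findings


def make_line(ip, second, path="/index.html"):
    """Constructed access-log line; 10 Oct 2023 12:00:SS UTC is an arbitrary date."""
    return (f'{ip} - - [10/Oct/2023:12:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


def build_sample_log():
    """Three one-second windows of constructed traffic: a normal second,
    a single-source flood, and a distributed flood from 60 bots."""
    users = [f"192.0.2.{i}" for i in range(1, 6)]          # legitimate users
    lines = []
    # second 0: baseline, five users making two requests each
    lines += [make_line(u, 0) for u in users for _ in range(2)]
    # second 1: one host hammering a search endpoint, users still present
    lines += [make_line("203.0.113.5", 1, "/search?q=x") for _ in range(80)]
    lines += [make_line(u, 1) for u in users]
    # second 2: 60 bots at only 2 requests each, users still present
    lines += [make_line(f"198.51.100.{b}", 2, "/login")
              for b in range(1, 61) for _ in range(2)]
    lines += [make_line(u, 2) for u in users]
    return lines


if __name__ == "__main__":
    for finding in analyze(build_sample_log()):
        print(finding)
```

In the constructed log the second window is flagged as single-source (one address sends 80 of 85 requests), while the third is flagged as distributed: 125 requests from 65 addresses, with no sender above two requests. Blocking the top talker fixes the first case and does nothing for the second, which is why the article says distributed attacks are harder to shut down.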

How to protect yourself and your resources

Though DDoS protection is difficult, you can take measures that will help you limit the potential damage from a DDoS attack. You can make your hosting infrastructure more resistant to distributed denial-of-service attacks by increasing your bandwidth.

Many of the kinds of attacks mentioned above rely on overwhelming your server's bandwidth. With enough bandwidth, your infrastructure can absorb the spikes in activity meant to crash it, and attackers will have to put in more work to overwhelm your site or server. You can also check with your web host to see whether they offer DDoS mitigation tools, such as a scrubbing center, to help you fend off attacks.
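The scrubbing and mitigation services mentioned above are built on rate limiting. The per-client token bucket below is an added example of that basic mechanism, not code from the original article or from any particular hosting provider. It also shows the limit of the technique that the Characteristics section points at: one flooding source is throttled hard, while a distributed flood whose bots each stay under the per-client limit passes straight through. The rate, burst size and client addresses are constructed assumptions.

```python
"""Per-client token-bucket rate limiter and two constructed floods.

Added illustration; not the article's own code.  Rate, burst size and
client addresses are assumptions chosen for the demonstration.
"""
from collections import defaultdict


class TokenBucketLimiter:
    """Each client earns `rate` tokens per second, holds at most `burst`,
    and spends one token per request.  Requests with no token are dropped."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = {}   # client -> tokens left
        self.last = {}     # client -> time of last request

    def allow(self, client, now):
        """Return True if the request at time `now` may pass."""
        tokens = self.tokens.get(client, self.burst)
        last = self.last.get(client, now)
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        self.last[client] = now
        if tokens >= 1:
            self.tokens[client] = tokens - 1
            return True
        self.tokens[client] = tokens
        return False


def simulate(limiter, requests):
    """Replay (timestamp, client) pairs in time order; return per-client
    allowed and dropped counts."""
    allowed = defaultdict(int)
    dropped = defaultdict(int)
    for when, client in sorted(requests):
        if limiter.allow(client, when):
            allowed[client] += 1
        else:
            dropped[client] += 1
    return dict(allowed), dict(dropped)


# Constructed traffic.  Addresses are from the reserved documentation ranges.
def normal_user(seconds=2, rps=3):
    """A legitimate visitor making three requests per second."""
    return [(s + i / rps, "192.0.2.10") for s in range(seconds) for i in range(rps)]


def single_source_flood(seconds=2, rps=100):
    """One host sending 100 requests per second: the classic single-source DoS."""
    return [(s + i / rps, "203.0.113.5") for s in range(seconds) for i in range(rps)]


def distributed_flood(seconds=2, bots=50, rps_per_bot=2):
    """Fifty bots at 2 requests per second each: the same total volume as
    the single-source flood, but every bot stays under the per-client limit."""
    return [(s + i / rps_per_bot, f"198.51.100.{b}")
            for b in range(1, bots + 1) for s in range(seconds) for i in range(rps_per_bot)]


def run_scenario(requests, rate=5, burst=10):
    """Fresh limiter per scenario; returns (allowed, dropped) totals and
    the number of clients that were throttled at least once."""
    allowed, dropped = simulate(TokenBucketLimiter(rate, burst), requests)
    return sum(allowed.values()), sum(dropped.values()), len(dropped)


if __name__ == "__main__":
    for name, reqs in [("normal user", normal_user()),
                       ("single-source flood", single_source_flood()),
                       ("distributed flood", distributed_flood())]:
        passed, blocked, throttled = run_scenario(reqs)
        print(f"{name:20s} passed={passed:4d} dropped={blocked:4d} "
              f"clients throttled={throttled}")
```

With a limit of 5 requests per second and a burst of 10, the normal user is never throttled, the single flooding host gets roughly 20 of its 200 requests through, and the 50 bots get all 200 of theirs through with nobody throttled. Per-client limiting protects against the plain DoS; against the DDoS you need aggregate limits, upstream capacity or a scrubbing service that looks at the traffic as a whole.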

Switching to a cloud service instead of your own hardware can increase your bandwidth easily and also help protect your data and information against other threats. If you want to keep using hardware for your network, configure its settings with network security as the priority. For example, you can configure your firewall to drop incoming ICMP packets, which helps against ICMP floods; together with other hardware adjustments, this will cut down ping-based attacks.