DDoS (Distributed Denial of Service) is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it, or the infrastructure around it, with a flood of Internet traffic. It uses many compromised computer systems, collectively referred to as a botnet, as sources of attack traffic, which is what makes the traffic hard to block by source address alone.
Attackers abuse the design of network protocols or the cost of application logic rather than any single bug: the traffic is usually well-formed, it is the volume or the asymmetry of effort that does the damage. Common vectors include the SYN flood (half-open TCP connections), UDP amplification (small spoofed requests to open DNS, NTP or similar reflectors, which send much larger replies to the victim), and the HTTP flood (complete requests that are expensive to serve). These methods target different layers of the OSI model, from the infrastructure layers (L3/L4) to the application layer (L7). Application layer attacks are particularly difficult to mitigate because each request is a valid one that mimics legitimate user behavior, and answering it costs the server far more than sending it costs the bot.
How it works
A botnet, consisting of IoT devices, servers, or PCs infected with malware, acts as the primary tool. When the attacker issues a command over the botnet's command-and-control channel, each bot sends a stream of packets to the target's address. The result is resource exhaustion: a SYN flood fills the listening socket's TCP backlog with half-open connections so that new handshakes are dropped, a volumetric flood saturates the network bandwidth upstream of the target, and an application-layer flood ties up worker threads or back-end capacity. In every case valid requests are no longer processed.
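To make the backlog-exhaustion mechanism concrete, here is an added example written for this page (it is not code from any real TCP stack): a small Python model of a listening socket's SYN backlog. It sends a constructed flood of spoofed SYNs that never complete the handshake, then checks whether one legitimate client can still connect, once with a plain bounded backlog and once with SYN cookies, the standard stateless defence in which the server encodes the connection in its initial sequence number instead of storing a half-open entry. The Listener and simulate names, the HMAC-based cookie layout and the sample addresses are all simplifications chosen for this example, not the Linux implementation.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Listener:
    """Toy model of a listening TCP socket (example only, not a real stack)."""
    backlog: int                      # max half-open connections kept in memory
    use_syn_cookies: bool
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    half_open: dict = field(default_factory=dict)  # (src, sport) -> server ISN
    established: set = field(default_factory=set)
    dropped_syns: int = 0

    def _cookie(self, src: str, sport: int, client_isn: int, minute: int) -> int:
        # Simplified SYN cookie: keyed hash over the peer identity, the client's
        # ISN and a coarse timestamp, truncated to 32 bits to fit the ISN field.
        msg = f"{src}:{sport}:{client_isn}:{minute}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, src: str, sport: int, client_isn: int, now: float):
        """Return the server ISN for the SYN-ACK, or None if the SYN is dropped."""
        if self.use_syn_cookies:
            # Stateless: nothing is stored, so the backlog can never fill.
            return self._cookie(src, sport, client_isn, int(now // 60))
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1          # backlog full: SYN silently dropped
            return None
        isn = secrets.randbits(32)
        self.half_open[(src, sport)] = isn  # half-open entry consumes a slot
        return isn

    def on_ack(self, src: str, sport: int, client_isn: int, ack: int, now: float) -> bool:
        """Third handshake packet: accept the connection if ack == ISN + 1."""
        if self.use_syn_cookies:
            # Recompute the cookie; accept the current or the previous minute.
            for minute in (int(now // 60), int(now // 60) - 1):
                if (self._cookie(src, sport, client_isn, minute) + 1) & 0xFFFFFFFF == ack:
                    self.established.add((src, sport))
                    return True
            return False
        isn = self.half_open.pop((src, sport), None)
        if isn is None or (isn + 1) & 0xFFFFFFFF != ack:
            return False
        self.established.add((src, sport))
        return True


def simulate(use_syn_cookies: bool, flood_syns: int = 5000, backlog: int = 1024) -> dict:
    """Constructed scenario: a spoofed SYN flood, then one legitimate client."""
    srv = Listener(backlog=backlog, use_syn_cookies=use_syn_cookies)
    now = 1_700_000_000.0
    # Flood from spoofed sources (documentation addresses) that never send the ACK.
    for i in range(flood_syns):
        srv.on_syn(f"203.0.113.{i % 256}", 1024 + i, (i * 7919) & 0xFFFFFFFF, now)
    # Legitimate client completes the handshake properly.
    client_isn = 12345
    isn = srv.on_syn("198.51.100.7", 40000, client_isn, now)
    connected = isn is not None and srv.on_ack(
        "198.51.100.7", 40000, client_isn, (isn + 1) & 0xFFFFFFFF, now)
    return {"legit_connected": connected,
            "half_open": len(srv.half_open),
            "dropped": srv.dropped_syns}


if __name__ == "__main__":
    for mode in (False, True):
        print("syn_cookies" if mode else "plain backlog", simulate(mode))
```

With the plain backlog the 1024 slots are all held by spoofed half-open entries and the legitimate SYN is dropped with the rest; with cookies nothing is stored and the legitimate ACK verifies. Real SYN cookies also squeeze the client's MSS into the cookie and lose the TCP options carried on the SYN, which is why Linux with net.ipv4.tcp_syncookies=1 only switches to them once the backlog is under pressure.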
Modern mitigation relies on scrubbing centers that analyze incoming traffic and drop malicious packets before they reach the origin; traffic is diverted to them because a volumetric attack exceeds what any single origin link can absorb, so it has to be discarded upstream. In recent years, record-breaking attacks have surpassed 3.4 Tbps in volume. Effective defense combines automated rate limiting, Anycast networking that spreads the load across many points of presence, and signature-based filtering, with the caveat that per-source rate limiting does little against spoofed L3/L4 floods and is mainly useful against application-layer floods from real sources. Together these keep the service available under heavy load.
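The scrubbing logic described above, as an added example that is not part of the original page: a Python filter that first applies a cheap signature check (oversized UDP replies arriving from well-known reflector ports that the origin never queried) and then a per-source token-bucket rate limit, run over a constructed packet capture containing reflected memcached traffic, an HTTP flood from one bot, and legitimate browser and DNS traffic. The Packet, TokenBucket and Scrubber names, the thresholds, the reflector port list and the sample capture are all assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Reflector services commonly abused for UDP amplification. A large reply
# arriving *from* one of these ports, for a request the origin never sent,
# is a high-confidence signature of reflected attack traffic.
AMPLIFIER_PORTS = {19, 53, 123, 161, 1900, 11211}


@dataclass(frozen=True)
class Packet:
    ts: float      # arrival time in seconds
    src: str       # source IP as seen on the wire
    sport: int     # source port
    proto: str     # "tcp" or "udp"
    size: int      # bytes on the wire


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, capacity `burst`."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, ts: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Scrubber:
    """Two-stage filter: cheap signature match first, per-source rate limit second."""

    def __init__(self, rate: float = 10.0, burst: int = 20, max_udp_reply: int = 512):
        self.max_udp_reply = max_udp_reply
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.verdicts = {"amplification": 0, "rate_limited": 0, "allowed": 0}

    def inspect(self, pkt: Packet) -> bool:
        # Stage 1: signature. Unsolicited oversized UDP "replies" from reflector ports.
        if pkt.proto == "udp" and pkt.sport in AMPLIFIER_PORTS and pkt.size > self.max_udp_reply:
            self.verdicts["amplification"] += 1
            return False
        # Stage 2: per-source token bucket (useful against L7 floods from real sources).
        if not self.buckets[pkt.src].allow(pkt.ts):
            self.verdicts["rate_limited"] += 1
            return False
        self.verdicts["allowed"] += 1
        return True


def constructed_traffic() -> list:
    """Constructed sample capture (not real data) mixing attack and normal traffic."""
    pkts = []
    # 200 memcached-style reflected replies, 1400 bytes each, from 20 "reflectors"
    pkts += [Packet(5.0 + i * 0.0005, f"192.0.2.{i % 20 + 1}", 11211, "udp", 1400)
             for i in range(200)]
    # One legitimate DNS reply (small, the origin actually asked for it)
    pkts.append(Packet(6.0, "198.51.100.53", 53, "udp", 300))
    # Legitimate browser: 5 requests spread over 5 seconds
    pkts += [Packet(7.0 + i, "203.0.113.10", 51000 + i, "tcp", 600) for i in range(5)]
    # HTTP flood: one bot source sending 100 requests in 100 ms
    pkts += [Packet(20.0 + i * 0.001, "203.0.113.99", 40000 + i, "tcp", 400)
             for i in range(100)]
    return sorted(pkts, key=lambda p: p.ts)


def run_demo() -> dict:
    """Run the constructed capture through the scrubber and return the verdict counts."""
    scrubber = Scrubber()
    for pkt in constructed_traffic():
        scrubber.inspect(pkt)
    return scrubber.verdicts


if __name__ == "__main__":
    print(run_demo())
```

All 200 reflected replies are dropped by the signature stage, the bot gets its first 20 requests through (the bucket's burst) and the remaining 80 are rate-limited, while the browser and the DNS reply pass untouched. The order of the stages matters: the signature check is stateless and cheap, so it runs first and keeps spoofed volumetric traffic from ever touching the per-source state.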