What Is DDoS? Distributed Denial of Service Explained

What Is Ddos

If you’ve watched Game of Thrones, you’re familiar with the fictional character Hodor. In the fifth episode of season six (spoiler alert), Hodor sacrifices himself to save the future king of Westeros, Bran Stark, from the army of the undead, led by the evil Night King. He does so by holding a door shut with his body, while the undead try to break through.

He keeps shouting, “Hold the door!” which eventually warps into “Hodor” — his name. Twisted, right? Well, you’ll have to watch the series to better understand this scene. Anyway, a Distributed Denial of Service (DDoS) attack is pretty similar.

You can think of DDoS as an army of computers, usually controlled by one person or group, attempting to overwhelm the “door” of availability of a network, server, or online service.

A DDoS cyberattack is not nearly as fun as GoT is — it can make a website or service completely unavailable.

I’m here to talk to you about the ins and outs of DDoS attacks and walk you through the process of defending your honor against them, just like Hodor did (this is the last GoT reference, I promise). Read on!

How DDoS Attacks Work

Let’s say you run a few gaming servers and have built quite a good reputation for yourself.

Your competitors might target your network with a DDoS attack to gain an unfair advantage; They may flood your servers with fake traffic, especially during peak hours, to frustrate your gaming audience and entice them to join their servers.

What are DDoS attacks with DDoS attack icon
DDoS stands for “Distributed Denial of Service.”

And this is just me easing you into the world of DDoS attacks — the consequences could be far worse. More on this soon.

These are the steps in a typical DDoS attack:

  1. A cybercriminal or cybercriminal group will create a network of infected computers (often through malware), called a botnet.
  2. They will then direct the botnet to flood your gaming server network with a massive surge of fake traffic.
  3. Your servers are likely to get overwhelmed by all the requests and may even crash.
  4. Due to exhaustion of resources, your gamers won’t be able to access your servers.

I know what you’re thinking. Yes, this would make your competitor a cybercriminal (and punishable under various laws).

Types of DDoS Attacks

All DDoS attack types aim to create significant traffic or resource consumption and disrupt normal service and availability, but they do so in different ways. My gaming server network example fits the volumetric attack category.

By learning about these types, it’ll be easier for you to identify a DDoS attack and defend against it.

Volumetric Attacks

As the name suggests, the goal of a volumetric attack is to flood your network with massive amounts of traffic using techniques like UDP Flood (UDP packet flooding) and ICMP Flood (ICMP echo request packet flooding).

These techniques will overwhelm your network and make it unable to respond to the legitimate requests of your users.

Protocol-Based Attacks

A protocol-based attack is more refined, as your attacker must first find exploitable weaknesses in the network protocols that your servers or their networking equipment use.

For example, using the Ping of Death technique, an attacker could exploit a vulnerability in how your firewalls or load balancers handle ICMP packets. They could flood them with oversized ICMP packets and cause them (and potentially your servers) to crash or destabilize.

Application Layer Attacks

Application layer attacks are similar to volumetric attacks but are more specific. Instead of attacking your entire network, an attacker may target a specific server with malicious requests.

For example, using the HTTP Flood technique, an attack may mimic legitimate user behavior by sending numerous HTTP requests to one of your servers and exhaust its processing ability. It’s worth noting volumetric attacks send more traffic overall.

Amplification Attacks

Amplification attacks “reflect” traffic off vulnerable third-party servers, such as DNS servers and NTP servers, to amplify the attack’s volume directed at your IP address. Let me simplify this.

For example, an attacker could send multiple tiny DNS queries (to trigger much larger responses) to a vulnerable DNS server and then send the server’s large responses to your IP address. This will make it difficult for you to differentiate legitimate traffic from attack traffic.

Motivation Behind DDoS Attacks

Not all DDoS attacks are business-destroying, but they sure do raise alarm bells. I mean, being an avid gamer, I’d be pretty mad if even a single gaming server in my network was down for just a few seconds during peak hours (it’d probably guarantee a 99.99% uptime, after all).

In no particular order of severity, here are some of the primary motivations behind DDoS attacks.

Political Motivations

“Hacktivism” sounds pretty interesting, right? I don’t know what your stance on activism is, but it’s related to that.

You can think of it as a way for activist groups to use DDoS attacks to protest against organizations or governments. For example, let’s say there’s a political issue an activist group wants to draw the government’s attention to. And I mean immediately.

They may attack a government website to express their dissent. While I don’t support it, it could lead to quicker justice.

Financial Gain

Greed is a nasty trait, but let’s face it — we’re all greedy in one way or another. Some of us are greedy for sweets, others for money.

Financial greed can lead some people to carry out DDoS attacks.

If your gaming servers are earning top bucks, your business could attract attention. Attackers could use DDoS attacks with the goal of making quick money. This is also known as a ransom DDoS (RDoS) attack.

Business Rivalry

I’ve already talked about corporate sabotage, also known as business rivalry. This practice may drive customers from your business to theirs, but rest assured, it can lead to serious legal consequences.

Unfortunately, even if the guilty party is apprehended, you’re unlikely to regain all your customers. On the flip side, their customers could flock to you. Every cloud has a silver lining!

Personal Vendetta and Cyber Vandalism

Have you watched the movie V for Vendetta? If you have, you’ll understand why personal vendetta and cyber vandalism are strong drivers of DDoS attacks.

While these attacks may lack clear financial or political motivations, a former employee, friend, or family member may be out to cause disruption to your business, so keep your eyes and ears open!

Distraction Attacks

DDoS attacks disrupt the normal functioning of your network, server, or online service, but don’t allow the attacker to gain access to them. Well, not directly — they could be used as part of a larger strategy.

For example, they could be used to divert attention while another cyberattack, such as data theft, is conducted. You need to assemble a solid security protocol — more soon.

The Impact of DDoS Attacks

EA Sports FC 25 has been released, and I’m super duper pumped (football is my favorite sport), so excuse me for using the gaming server network example once again (for the last time, I promise)!

Let’s imagine all your servers are down due to a volumetric attack. Alongside operational disruption, you may face consequences like financial loss due to business downtime, reputational damage, and security breaches.

That was just an overview. Now I’m going to explore the impact of DDoS attacks in detail.

Financial Loss

If your entire network is slowed down or unavailable due to a DDoS attack, your customers will not be able to access your services. If you run an eCommerce shop, for example, this means lost revenue. And you may even have to compensate customers for business downtime.

Financial loss icon and infographic
DDoS attacks can be costly for businesses.

For instance, to attract customers back to your online store, you might need to launch promotional offers or discounts — this is just the tip of the iceberg.

Reputation Damage

Promotional offers or discounts and other compensation strategies may entice some of your customers to switch back to your services, but the reality is a DDoS attack can damage your reputation.

To win customers back, try to be as transparent in your communication as possible, compensate them to the best of your ability, and assure them you’ve implemented stringent security measures to ensure they won’t face such situations again.

Data Loss or Security Breaches

A DDoS attack may simply be a smokescreen. Cybercriminals can use the confusion caused by the attack to exploit exposed vulnerabilities and steal confidential data. Your security team needs to be on their toes to ensure all potential vulnerabilities are sealed in double-quick time.

Data Loss or Security Breaches with missing file icon
Data loss can be another expensive consequence of DDoS attacks.

The last thing you want is to lose customers during business downtime and have their personal information exposed!

Operational Disruption

Prolonged downtime will affect most, if not all, internal processes and negatively impact the productivity and morale of your employees. The overthinkers, for example, may start considering finding a new job since they might believe your business is “obviously” going to shut down!

Communication is key again. Try to find the most efficient ways to communicate with your employees and make sure the leadership team makes decisive choices to get the business up and running again.

Defending Against DDoS Attacks

I understand how frustrating dealing with a DDoS attack can be (I’ve read enough case studies), but I had a great time doing research for this section and finding out about defensive strategies. I mean, I grew up playing tower defense games like Plants vs. Zombies (especially during Computer Science class)!

Treat your defense against DDoS attacks as a game you must win to survive. And when I say survive, I mean it — a cyber attack could ruin your business, after all. Let’s begin the masterclass.

Proactive vs. Reactive Defense

You should always anticipate the worst and prepare for it. You’re not living in a castle with burly troops to guard your home. And even if you truly believe you are, troops can betray your trust. You should implement measures to prevent business downtime, minimize damage, improve response time, and enhance your security posture.

I also recommend having a crisis management plan in place to effectively communicate with your customers during a DDoS attack. Don’t be reactive — be proactive.

Infrastructure-Based Solutions

If you have the means (and necessity) to operate multiple servers for your business, you should consider infrastructure-based solutions like load balancing and anycast routing, as they create a robust defense against DDoS attacks.

  • Load balancing: This technique will spread traffic across all servers in your network to prevent overload. Even if one server goes down during an attack, the others will continue to function, ensuring service availability.
  • Anycast routing: This technique uses multiple servers across various locations to absorb traffic. Similar to load balancing, if an attacker targets one server in your network, traffic will be rerouted to other servers, isolating the target server.

Let’s say an attacker has targeted a particular server in your network to launch a DDoS attack. By using load balancing and anycast routing, the load will be evenly spread across your network.

While this won’t guarantee complete protection against a DDoS attack, it’ll make it more difficult for the attacker to bring down your network.

Mitigation Services

You can think of cloud-based DDoS mitigation services like Cloudflare and Akamai as “sponges” that absorb and filter malicious traffic before it can wreak havoc on your servers.

You already know how important content delivery networks (CDNs) are for enhancing webpage loading times. Well, they also play a role in mitigating DDoS attacks, and I’m sure you’ve guessed how: They distribute traffic across multiple server locations.

Rate Limiting and Throttling

Rate limiting and throttling may seem annoying on paper, especially when you’re surfing the net, but they’re crucial techniques to maintain server performance and availability, particularly during a DDoS attack.

Rate limiting is used to control the number of requests a user in your network can send to a server in a defined timeframe. Rate throttling is used to manage the overall traffic sent to a server in your network.

Network Security Protocols

Your network’s security toolset is incomplete without firewalls and Intrusion Prevention Systems (IPS). They analyze your network’s traffic in different ways and can automatically block harmful or unwanted traffic during an attack.

Firewalls, for example, monitor traffic based on a set of rules you’ve predefined. In this case, IPS have more of a free reign — they’re ideal for advanced threat mitigation.

Tools and Services

If you’re a control freak or simply want to cover all bases (when it comes to security, it’s better to be both), here are some other popular anti-DDoS tools and services you should take for a spin:

  • Arbor Networks: Arbor Networks offers a suite of tools that make attack detection (based on traffic patterns) and mitigation a breeze.
  • AWS Shield: Amazon Web Services (AWS) does not disappoint, so if you’re looking for a managed DDoS protection service, AWS Shield is a solid bet. If you have the budget for it, consider AWS Shield Advanced.
  • Microsoft Azure DDoS Protection: If you swear by Azure services, Microsoft Azure DDoS Protection is all you need for automatic attack detection and mitigation.

Radware, Imperva, and F5 Networks are other honorable mentions. All of these tools and services will help you make your system bulletproof, but remember, you need to keep upgrading your security posture to stay ahead of the curve.

The Future of DDoS Attacks

DDoS attacks don’t just affect businesses. There will be an estimated 6.81 million DDoS attacks by the end of 2024. In other words, DDoS attacks will affect one in 20 internet users. I wish I could say things will get better, but they won’t.

Cybercriminals will get more sophisticated in the coming days, months, and years, and the volume of DDoS attacks is likely to increase. You need to do your part to stay safe.

Take note of all the defensive measures I have listed in the previous section and do further research as well — it’s better to be safe than sorry. And if you live in the U.S., be particularly aware: Around 50% of all DDoS attack incidents in 2024 are predicted to take place in the United States.

Stay safe!