What Is DDoS? Distributed Denial of Service Explained

Writer: Surajdeep Singh

Surajdeep Singh, Contributing Expert

Surajdeep Singh is a technology journalist who has contributed to Cointelegraph, IT Business Edge, Progress Telerik, and several other prominent publications. He has a Bachelor of Technology degree in computer science and engineering from PES University. With more than seven years of experience spearheading the marketing and content strategy of Web3 businesses, Surajdeep's subject matter expertise includes hosting infrastructure, Web3 and enterprise technology, security best practices, and people and productivity.

Editor: Austin Lang

Austin Lang, Editor

Austin Lang has worked in writing and academia for more than a decade. He previously taught writing at Florida Atlantic University, where he graduated with a Master’s degree in English. His past experience includes editing and fact-checking more than 500 scientific papers, journal articles, and theses. As the Marketing Editor for HostingAdvice, Austin leverages his research experience and love for the English language to provide readers with accurate, informational content.

Reviewer: Christina Lewis

Christina Lewis, Senior Content Manager

Christina Lewis is a web designer and technical writer who bridges design, development, and hosting with clear, practical advice. With a Master’s degree in web design and communications from the University of Florida, she combines a foundation in mass communications with real hands-on experience creating websites and managing hosting environments. Now, she combines her writing experience with her technical knowledge to craft and edit content that gives value to novice techies and field experts.

Our experts take readers step-by-step through a variety of hosting and programming tasks in our popular series of how-to guides.
Follow Us:
2.7k
16.4k
11.7k
173
4.1k

If you’ve watched Game of Thrones, you’re familiar with the fictional character Hodor. In the fifth episode of season six (spoiler alert), Hodor sacrifices himself to save the future king of Westeros, Bran Stark, from the army of the undead, led by the evil Night King. He does so by holding a door shut with his body, while the undead try to break through.

He keeps shouting, “Hold the door!” which eventually warps into “Hodor” — his name. Twisted, right? Well, you’ll have to watch the series to better understand this scene. Anyway, a Distributed Denial of Service (DDoS) attack is pretty similar.

You can think of DDoS as an army of computers, usually controlled by one person or group, attempting to overwhelm the “door” of availability of a network, server, or online service.

A DDoS cyberattack is not nearly as fun as GoT is — it can make a website or service completely unavailable.

I’m here to talk to you about the ins and outs of DDoS attacks and walk you through the process of defending your honor against them, just like Hodor did (this is the last GoT reference, I promise). Read on!

How DDoS Attacks Work

Let’s say you run a few gaming servers and have built quite a good reputation for yourself.

Your competitors might target your network with a DDoS attack to gain an unfair advantage; They may flood your servers with fake traffic, especially during peak hours, to frustrate your gaming audience and entice them to join their servers.

What are DDoS attacks with DDoS attack icon
DDoS stands for “Distributed Denial of Service.”

And this is just me easing you into the world of DDoS attacks — the consequences could be far worse. More on this soon.

These are the steps in a typical DDoS attack:

  1. A cybercriminal or cybercriminal group will create a network of infected computers (often through malware), called a botnet.
  2. They will then direct the botnet to flood your gaming server network with a massive surge of fake traffic.
  3. Your servers are likely to get overwhelmed by all the requests and may even crash.
  4. Due to exhaustion of resources, your gamers won’t be able to access your servers.

I know what you’re thinking. Yes, this would make your competitor a cybercriminal (and punishable under various laws).

Types of DDoS Attacks

All DDoS attack types aim to create significant traffic or resource consumption and disrupt normal service and availability, but they do so in different ways. My gaming server network example fits the volumetric attack category.

By learning about these types, it’ll be easier for you to identify a DDoS attack and defend against it.

Volumetric Attacks

As the name suggests, the goal of a volumetric attack is to flood your network with massive amounts of traffic using techniques like UDP Flood (UDP packet flooding) and ICMP Flood (ICMP echo request packet flooding).

These techniques will overwhelm your network and make it unable to respond to the legitimate requests of your users.

Protocol-Based Attacks

A protocol-based attack is more refined, as your attacker must first find exploitable weaknesses in the network protocols that your servers or their networking equipment use.

For example, using the Ping of Death technique, an attacker could exploit a vulnerability in how your firewalls or load balancers handle ICMP packets. They could flood them with oversized ICMP packets and cause them (and potentially your servers) to crash or destabilize.

Application Layer Attacks

Application layer attacks are similar to volumetric attacks but are more specific. Instead of attacking your entire network, an attacker may target a specific server with malicious requests.

For example, using the HTTP Flood technique, an attack may mimic legitimate user behavior by sending numerous HTTP requests to one of your servers and exhaust its processing ability. It’s worth noting volumetric attacks send more traffic overall.

Amplification Attacks

Amplification attacks “reflect” traffic off vulnerable third-party servers, such as DNS servers and NTP servers, to amplify the attack’s volume directed at your IP address. Let me simplify this.

For example, an attacker could send multiple tiny DNS queries (to trigger much larger responses) to a vulnerable DNS server and then send the server’s large responses to your IP address. This will make it difficult for you to differentiate legitimate traffic from attack traffic.

Motivation Behind DDoS Attacks

Not all DDoS attacks are business-destroying, but they sure do raise alarm bells. I mean, being an avid gamer, I’d be pretty mad if even a single gaming server in my network was down for just a few seconds during peak hours (it’d probably guarantee a 99.99% uptime, after all).

In no particular order of severity, here are some of the primary motivations behind DDoS attacks.

Political Motivations

“Hacktivism” sounds pretty interesting, right? I don’t know what your stance on activism is, but it’s related to that.

You can think of it as a way for activist groups to use DDoS attacks to protest against organizations or governments. For example, let’s say there’s a political issue an activist group wants to draw the government’s attention to. And I mean immediately.

They may attack a government website to express their dissent. While I don’t support it, it could lead to quicker justice.

Financial Gain

Greed is a nasty trait, but let’s face it — we’re all greedy in one way or another. Some of us are greedy for sweets, others for money.

Financial greed can lead some people to carry out DDoS attacks.

If your gaming servers are earning top bucks, your business could attract attention. Attackers could use DDoS attacks with the goal of making quick money. This is also known as a ransom DDoS (RDoS) attack.

Business Rivalry

I’ve already talked about corporate sabotage, also known as business rivalry. This practice may drive customers from your business to theirs, but rest assured, it can lead to serious legal consequences.

Unfortunately, even if the guilty party is apprehended, you’re unlikely to regain all your customers. On the flip side, their customers could flock to you. Every cloud has a silver lining!

Personal Vendetta and Cyber Vandalism

Have you watched the movie V for Vendetta? If you have, you’ll understand why personal vendetta and cyber vandalism are strong drivers of DDoS attacks.

While these attacks may lack clear financial or political motivations, a former employee, friend, or family member may be out to cause disruption to your business, so keep your eyes and ears open!

Distraction Attacks

DDoS attacks disrupt the normal functioning of your network, server, or online service, but don’t allow the attacker to gain access to them. Well, not directly — they could be used as part of a larger strategy.

For example, they could be used to divert attention while another cyberattack, such as data theft, is conducted. You need to assemble a solid security protocol — more soon.

The Impact of DDoS Attacks

EA Sports FC 25 has been released, and I’m super duper pumped (football is my favorite sport), so excuse me for using the gaming server network example once again (for the last time, I promise)!

Let’s imagine all your servers are down due to a volumetric attack. Alongside operational disruption, you may face consequences like financial loss due to business downtime, reputational damage, and security breaches.

That was just an overview. Now I’m going to explore the impact of DDoS attacks in detail.

Financial Loss

If your entire network is slowed down or unavailable due to a DDoS attack, your customers will not be able to access your services. If you run an eCommerce shop, for example, this means lost revenue. And you may even have to compensate customers for business downtime.

DDoS attacks can be costly for businesses.

For instance, to attract customers back to your online store, you might need to launch promotional offers or discounts — this is just the tip of the iceberg.

Reputation Damage

Promotional offers or discounts and other compensation strategies may entice some of your customers to switch back to your services, but the reality is a DDoS attack can damage your reputation.

To win customers back, try to be as transparent in your communication as possible, compensate them to the best of your ability, and assure them you’ve implemented stringent security measures to ensure they won’t face such situations again.

Data Loss or Security Breaches

A DDoS attack may simply be a smokescreen. Cybercriminals can use the confusion caused by the attack to exploit exposed vulnerabilities and steal confidential data. Your security team needs to be on their toes to ensure all potential vulnerabilities are sealed in double-quick time.

Data loss can be another expensive consequence of DDoS attacks.

The last thing you want is to lose customers during business downtime and have their personal information exposed!

Operational Disruption

Prolonged downtime will affect most, if not all, internal processes and negatively impact the productivity and morale of your employees. The overthinkers, for example, may start considering finding a new job since they might believe your business is “obviously” going to shut down!

Communication is key again. Try to find the most efficient ways to communicate with your employees and make sure the leadership team makes decisive choices to get the business up and running again.

Defending Against DDoS Attacks

I understand how frustrating dealing with a DDoS attack can be (I’ve read enough case studies), but I had a great time doing research for this section and finding out about defensive strategies. I mean, I grew up playing tower defense games like Plants vs. Zombies (especially during Computer Science class)!

Treat your defense against DDoS attacks as a game you must win to survive. And when I say survive, I mean it — a cyber attack could ruin your business, after all. Let’s begin the masterclass.

Proactive vs. Reactive Defense

You should always anticipate the worst and prepare for it. You’re not living in a castle with burly troops to guard your home. And even if you truly believe you are, troops can betray your trust. You should implement measures to prevent business downtime, minimize damage, improve response time, and enhance your security posture.

I also recommend having a crisis management plan in place to effectively communicate with your customers during a DDoS attack. Don’t be reactive — be proactive.

Infrastructure-Based Solutions

If you have the means (and necessity) to operate multiple servers for your business, you should consider infrastructure-based solutions like load balancing and anycast routing, as they create a robust defense against DDoS attacks.

Let’s say an attacker has targeted a particular server in your network to launch a DDoS attack. By using load balancing and anycast routing, the load will be evenly spread across your network.

While this won’t guarantee complete protection against a DDoS attack, it’ll make it more difficult for the attacker to bring down your network.

Mitigation Services

You can think of cloud-based DDoS mitigation services like Cloudflare and Akamai as “sponges” that absorb and filter malicious traffic before it can wreak havoc on your servers.

You already know how important content delivery networks (CDNs) are for enhancing webpage loading times. Well, they also play a role in mitigating DDoS attacks, and I’m sure you’ve guessed how: They distribute traffic across multiple server locations.

Rate Limiting and Throttling

Rate limiting and throttling may seem annoying on paper, especially when you’re surfing the net, but they’re crucial techniques to maintain server performance and availability, particularly during a DDoS attack.

Rate limiting is used to control the number of requests a user in your network can send to a server in a defined timeframe. Rate throttling is used to manage the overall traffic sent to a server in your network.

Network Security Protocols

Your network’s security toolset is incomplete without firewalls and Intrusion Prevention Systems (IPS). They analyze your network’s traffic in different ways and can automatically block harmful or unwanted traffic during an attack.

Firewalls, for example, monitor traffic based on a set of rules you’ve predefined. In this case, IPS have more of a free reign — they’re ideal for advanced threat mitigation.

Tools and Services

If you’re a control freak or simply want to cover all bases (when it comes to security, it’s better to be both), here are some other popular anti-DDoS tools and services you should take for a spin:

Radware, Imperva, and F5 Networks are other honorable mentions. All of these tools and services will help you make your system bulletproof, but remember, you need to keep upgrading your security posture to stay ahead of the curve.

The Future of DDoS Attacks

DDoS attacks don’t just affect businesses. There will be an estimated 6.81 million DDoS attacks by the end of 2024. In other words, DDoS attacks will affect one in 20 internet users. I wish I could say things will get better, but they won’t.

Cybercriminals will get more sophisticated in the coming days, months, and years, and the volume of DDoS attacks is likely to increase. You need to do your part to stay safe.

Take note of all the defensive measures I have listed in the previous section and do further research as well — it’s better to be safe than sorry. And if you live in the U.S., be particularly aware: Around 50% of all DDoS attack incidents in 2024 are predicted to take place in the United States.

Stay safe!

About the Author

Contributing Expert

Surajdeep Singh is a technology journalist who has contributed to Cointelegraph, IT Business Edge, Progress Telerik, and several other prominent publications. He has a Bachelor of Technology degree in computer science and engineering from PES University. With more than seven years of experience spearheading the marketing and content strategy of Web3 businesses, Surajdeep's subject matter expertise includes hosting infrastructure, Web3 and enterprise technology, security best practices, and people and productivity.

« BACK TO: HOW-TO

Meet the Experts

Our team of experts with a combined 50+ years of experience in web hosting serve insight and advice to more than 20 million users!

We Know Hosting

$

4

8

,

2

8

3

spent annually on web hosting!