A DDoS (Distributed Denial of Service) attack overwhelms a server with excessive traffic to make it unavailable.
A DDoS (Distributed Denial of Service) attack floods a server with massive traffic from many sources, overwhelming it until legitimate users cannot access it. The server crashes or becomes so slow that the service is unusable.
Imagine a store with one entrance. An attacker pays thousands of people to crowd the entrance, blocking real customers from getting in. That is essentially a DDoS attack.
Attackers control thousands of compromised computers (called a botnet) and command them to send requests to your server simultaneously. Your server tries to handle all requests but gets overwhelmed and crashes.
Example: Your API normally handles 1,000 requests per second. A DDoS attack sends 100,000 requests per second. Your server cannot keep up and stops responding.
Volumetric Attacks: Flood the network with massive data, consuming all bandwidth. Like stuffing a pipe with so much water it bursts.
Protocol Attacks: Exploit weaknesses in network protocols, consuming server resources. Target the connection process itself.
Application Layer Attacks: Mimic legitimate traffic but overwhelm the application. Harder to detect because requests look normal.
GitHub (2018): Hit with a 1.35 terabits per second attack, the largest DDoS in history at the time. GitHub went down for several minutes.
Dyn DNS (2016): Attack took down major websites - Twitter, Netflix, PayPal, Spotify. Millions of users affected for hours.
Small Businesses: Often targeted with ransom demands. "Pay us or we DDoS your site during your biggest sale."
Extortion: Demand payment to stop the attack.
Competition: Take down a rival business website.
Activism: Protest against companies or governments.
Revenge: Disgruntled employees or users.
Distraction: Hide other attacks like data theft.
Rate Limiting: Limit requests per IP address. Legitimate users rarely make 1,000 requests per second.
CDN and DDoS Protection: Services like Cloudflare and AWS Shield absorb attack traffic before it reaches your servers.
Traffic Filtering: Identify and block malicious traffic patterns while allowing legitimate users through.
Scalability: Auto-scale servers during attacks to handle increased load.
Geographic Filtering: Block traffic from countries where you have no users.
Downtime: E-commerce losing sales, SaaS losing subscriptions, reputation damage.
Mitigation: Cloud costs spike during attacks if auto-scaling triggers.
Lost Customers: Users who cannot access your service might switch to competitors.
For small businesses, a sustained DDoS can be devastating without proper protection.
Investing in DDoS protection before an attack is far cheaper than dealing with downtime during one. Most cloud providers offer DDoS protection services.
Even basic protections (rate limiting, CDN) significantly reduce vulnerability. Complete immunity is impossible, but making attacks expensive and difficult deters most attackers.
DDoS attacks are common. Any public-facing service is a potential target. Understanding how they work and implementing basic protections is essential for any production application.