A distributed denial-of-service (DDoS) attack sends massive volumes of traffic to a network, server, or system until it becomes nonfunctional. A DDoS attack is a subcategory of a denial-of-service (DoS) attack. But instead of only having one source, a DDoS attack uses multiple sources to execute its assault.
The goal is simple: Send so much traffic that the system becomes paralyzed by it. But the motivations of the cybercriminal can vary. Here are a few reasons why DDoS attacks are used:
- Hacktivism: Activists may use DDoS attacks to draw attention to their causes or to show opposition to companies.
- Extortion: Just like ransomware, hackers may attack with a DDoS strategy and only stop if they receive a ransom.
- Competition: Corporate sabotage is not completely unheard of, and companies may pay cybercriminals to cause harm to their competitors, such as taking their websites offline.
- Smokescreen: Hackers may use a DDoS attack to distract companies from other cyberattacks happening in the network.
Regardless of why hackers implement DDoS attacks, you can be affected once you are blocked from accessing important information online and even your personal accounts. Keep reading to learn more about how DDoS attacks work and what can be done to mitigate and prevent them.
How do DDoS attacks work?
Let's use an online store as an example. It receives orders, gets payments, packages items, and then ships them out. But what happens when someone calls and makes a fake order with more than 100 items? You spend all your time and resources getting this shipment ready only for the person to not pick it up.
This is already an annoying problem, but imagine if you were getting several calls requesting large orders a day and you couldn't tell the difference between authentic orders and prank orders. You may end up breaking down and not getting anything productive done. This is essentially what happens to network resources when a DDoS attack is executed.
Cybercriminals use botnets to send a large number of requests to the targeted infrastructure. Botnets are a group of malware-infected computers, known as bots, that are controlled by a hacker.
The DDoS attack is practically automated thanks to botnets. The hacker can issue an order for botnets to send repeated requests until a server is too overwhelmed to function properly.
This can be fairly effective because botnets may pose as legitimate users with their own internet protocol (IP) addresses. Servers may not immediately recognize the threat and interact with them. It can also be difficult for information technology (IT) professionals to sort out the botnets from legitimate users for this reason.
Types of DDoS attacks
There are several types of DDoS attacks. Although they all accomplish the goal of overwhelming and paralyzing a server, they all do so in slightly different ways. DDoS attacks usually fall into three categories: application layer attacks, protocol attacks, and volumetric attacks.
Cybercriminals often will use a mix of these attacks to make it more complicated for IT security professionals to respond. Let's dive into each of these attack vectors and see how they work.
Application layer attacks
Say you enter the URL of a specific webpage into your browser. The application layer is where the server responds to the HTTP request for that page.
An application layer attack targets that response: it sends large numbers of requests so that serving them consumes the server's disk space and available memory. Because the requests come from many different IP addresses and look like ordinary page loads, it can be difficult for the server to recognize that it's under attack.
Protocol attacks
Protocol attacks focus on the transactions between web servers with malicious connection requests. The idea is to overwhelm the targeted server and exhaust the processing capacity, firewalls, routing engines, and load balancers. Some of the protocols that get targeted include:
- User Datagram Protocol (UDP): Responsible for speeding up communications between servers
- Internet Control Message Protocol (ICMP): Helps spot any data transmission problems
- Transmission Control Protocol (TCP): Establishes a connection and then maintains it
One way to execute a protocol attack is to send fraudulent SYN packets, known as a SYN flood attack. TCP opens a connection with a three-way handshake: the sender sends a SYN packet, the receiver answers with a SYN-ACK, and the sender completes the handshake with an ACK.
A SYN flood starts with a cybercriminal sending fraudulent SYN packets to begin connections. The targeted server responds with SYN-ACKs and waits for each connection to be completed. Because the attacker never sends the final ACK, the server is left holding half-open connections; the memory set aside for them fills up and the server eventually stops accepting connections or crashes.
It's like if someone asks you for a high-five but then moves their hand away at the last second and doesn't complete the high-five with you.
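The half-open connections described above leave a measurable trace: a client that sent a SYN and received a SYN-ACK but never sent the final ACK. The following Python is an added example, not code from the All About Cookies article; it tracks handshake state per client over a constructed list of packet records (time, source, destination, TCP flags) with an assumed server address of 203.0.113.10 and flags a SYN flood when most clients never finish the handshake.

```python
# Added example: SYN-flood indicator from handshake state tracking.
# Packet records below are constructed, not captured traffic.
# Assumed server address (hypothetical):
SERVER = "203.0.113.10"

# Each record is (time_s, src_ip, dst_ip, tcp_flags).
PACKETS = [
    # Two legitimate clients complete the three-way handshake.
    (0.00, "10.0.0.5", SERVER, "SYN"),
    (0.01, SERVER, "10.0.0.5", "SYN-ACK"),
    (0.02, "10.0.0.5", SERVER, "ACK"),
    (0.50, "10.0.0.6", SERVER, "SYN"),
    (0.51, SERVER, "10.0.0.6", "SYN-ACK"),
    (0.52, "10.0.0.6", SERVER, "ACK"),
]
# Flood pattern: 50 distinct sources send SYN, the server answers,
# and no ACK ever arrives, leaving 50 half-open connections.
for i in range(50):
    src = f"198.51.100.{i + 1}"
    PACKETS.append((1.0 + i * 0.001, src, SERVER, "SYN"))
    PACKETS.append((1.0 + i * 0.001 + 0.0005, SERVER, src, "SYN-ACK"))


def handshake_stats(packets, server):
    """Replay packets in time order and record each client's handshake state.

    States: "syn" (SYN seen), "half_open" (server replied SYN-ACK, no ACK
    yet), "established" (client sent the final ACK).
    """
    state = {}
    for _, src, dst, flags in sorted(packets):
        if dst == server and flags == "SYN":
            state[src] = "syn"
        elif src == server and flags == "SYN-ACK" and state.get(dst) == "syn":
            state[dst] = "half_open"
        elif dst == server and flags == "ACK" and state.get(src) == "half_open":
            state[src] = "established"
    completed = sum(1 for s in state.values() if s == "established")
    half_open = sum(1 for s in state.values() if s == "half_open")
    return {"completed": completed, "half_open": half_open, "clients": len(state)}


def syn_flood_suspected(stats, min_half_open=20, max_half_open_ratio=0.5):
    """Flag a flood when many connections are stuck half-open AND they make
    up most of the clients seen; the two conditions together avoid alerting
    on a handful of slow but legitimate clients.
    """
    if stats["clients"] == 0:
        return False
    ratio = stats["half_open"] / stats["clients"]
    return stats["half_open"] >= min_half_open and ratio > max_half_open_ratio


if __name__ == "__main__":
    stats = handshake_stats(PACKETS, SERVER)
    print(stats, "flood suspected:", syn_flood_suspected(stats))
```

On the constructed data the two legitimate clients reach "established" while the 50 flood sources stay half-open, so the indicator fires. The standard mitigation for this condition, SYN cookies, lets a server answer SYN packets without storing state for the half-open connection until the final ACK arrives.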
Volumetric attacks
Imagine you are driving when an unannounced parade starts blocking the roads. This creates a traffic jam, so you can no longer drive your car down the road.
This is basically what happens to users during volumetric attacks. As the name implies, they send massive amounts of attack traffic to a server to exhaust its bandwidth. Because the connection is saturated, authentic requests can't get through.
An example is a domain name system (DNS) amplification attack. A cybercriminal sends requests to DNS servers with the source address forged (spoofed) to be the target's IP address. The DNS servers answer as they normally would, but send their responses to the target's real IP address. Because a DNS response is much larger than the request that triggered it, the target is flooded with far more data than the attacker had to send, all of it replies to requests it never made.
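The amplification effect and the defence DNS operators use against it can both be shown in a few lines. The Python below is an added example, not code from the All About Cookies article; the query and response sizes are constructed, the victim address 192.0.2.7 and the resolver behaviour are assumptions, and the rate limiter models the idea behind Response Rate Limiting (RRL) as used on authoritative DNS servers rather than any particular server's implementation.

```python
# Added example: DNS amplification factor and a simple Response Rate Limiter.
# All sizes, addresses and query streams below are constructed.
from collections import defaultdict

# Constructed sizes: a small UDP query versus a large response.
QUERY_BYTES = 64
RESPONSE_BYTES = 3000


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the victim per byte the attacker has to send."""
    return response_bytes / query_bytes


class ResponseRateLimiter:
    """Model of RRL: cap identical responses per (client, name, type) per
    time window. Above the cap, send a tiny truncated (TC) reply instead.
    A real client retries over TCP, which cannot be source-spoofed, while
    reflected UDP responses to a forged address stop flowing.
    """

    def __init__(self, max_per_window=5, window_s=1.0):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self._buckets = {}  # (client_ip, qname, qtype) -> (window_start, count)

    def decide(self, t, client_ip, qname, qtype):
        key = (client_ip, qname, qtype)
        start, count = self._buckets.get(key, (t, 0))
        if t - start >= self.window_s:  # window expired: start a new one
            start, count = t, 0
        count += 1
        self._buckets[key] = (start, count)
        return "answer" if count <= self.max_per_window else "truncate"


# Constructed query stream: (time_s, apparent source IP, qname, qtype).
# The victim's address appears as the source because the attacker spoofed it.
VICTIM = "192.0.2.7"
QUERIES = [(i * 0.005, VICTIM, "example.com", "ANY") for i in range(20)]
QUERIES += [
    (0.021, "10.0.0.5", "example.com", "A"),      # ordinary client
    (0.500, "10.0.0.5", "www.example.com", "A"),  # ordinary client
]


def run(queries, limiter):
    """Replay queries through the limiter; count decisions per source IP."""
    outcome = defaultdict(lambda: {"answer": 0, "truncate": 0})
    for t, ip, qname, qtype in sorted(queries):
        outcome[ip][limiter.decide(t, ip, qname, qtype)] += 1
    return dict(outcome)


def bytes_sent_to(ip, outcome, response_bytes=RESPONSE_BYTES):
    """Full-size responses reflected to an address; truncated replies are
    small enough to ignore here."""
    return outcome[ip]["answer"] * response_bytes


if __name__ == "__main__":
    print("amplification factor:", amplification_factor(QUERY_BYTES, RESPONSE_BYTES))
    limited = run(QUERIES, ResponseRateLimiter())
    print("with RRL:", limited, bytes_sent_to(VICTIM, limited), "bytes to victim")
```

With the constructed sizes each spoofed query costs the attacker 64 bytes and makes the resolver send 3000 bytes to the victim. The limiter answers the first five identical queries in the window and truncates the remaining fifteen, cutting the reflected volume from 60,000 to 15,000 bytes, while the ordinary client's two distinct queries are unaffected.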
How to identify and respond to a DDoS attack
There are several signs that can identify a DDoS attack. Some of these red flags include:
- Your website has crashed or takes too long to respond to requests
- A server repeatedly crashes for no apparent reason
- Internet connection speeds slow down significantly
- You are unable to log in to financial systems, such as your bank account
- Your Wi-Fi connection drops and can't reconnect
- You have problems accessing websites
- An increase in spam emails
One of the reasons DDoS attacks are particularly hard to respond to is that the traffic comes from many IP addresses at once. That makes it harder to tell who is sending fraudulent requests and who is sending authentic ones.
You may want to contact your internet service provider (ISP) to get help filtering traffic. This may mean legitimate traffic gets denied too, but it's difficult to separate the authentic users from botnets. Here are three ways to respond to DDoS attacks:
- Black hole filtering: Create a filter for traffic to evaluate it based on certain criteria. If it doesn't meet the criteria, it goes to a null interface or a black hole.
- Casting: If you have access to multiple servers, you can distribute the traffic across all of them to lower the traffic and increase your overall capacity.
- IP blocking: If you notice IP addresses within the same range, these may be botnets and you can block them.
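Two of the three responses above, black hole filtering and blocking an address range, come down to counting requests per source and grouping the noisy sources by network. The Python below is an added example, not code from the All About Cookies article; it runs over a constructed web server access log (the kind of request flood the application layer section describes), flags sources whose request count exceeds a threshold, blocks a /24 range when several flagged sources fall inside it, and gives a per-request drop decision. The addresses, thresholds and log lines are all constructed.

```python
# Added example: black hole filtering and IP range blocking from an access log.
# The log lines, addresses and thresholds below are constructed.
import ipaddress
import re
from collections import Counter, defaultdict

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed log: one ordinary visitor plus 200 requests in about 20 seconds
# from five addresses that all sit in the same /24.
LOG_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /cart HTTP/1.1" 200 2048',
]
for host in range(1, 6):
    for n in range(40):
        LOG_LINES.append(
            f'198.51.100.{host} - - [10/Oct/2023:13:55:{36 + n % 20:02d} +0000] '
            f'"GET /search?q={n} HTTP/1.1" 200 9000'
        )


def parse(lines):
    """Yield parsed records; silently skip lines that don't match the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def requests_per_ip(lines):
    return Counter(rec["ip"] for rec in parse(lines))


def blackhole_candidates(counts, max_requests=30):
    """Sources over the threshold get their traffic sent to the null route."""
    return {ip for ip, n in counts.items() if n > max_requests}


def ranges_to_block(flagged_ips, prefix=24, min_hosts=3):
    """Block a whole network only when several flagged sources share it;
    a single noisy host should not take a whole /24 offline."""
    groups = defaultdict(set)
    for ip in flagged_ips:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(net)].add(ip)
    return sorted(net for net, hosts in groups.items() if len(hosts) >= min_hosts)


def should_drop(ip, blackholed, blocked_ranges):
    """Per-request decision: drop if the source is black-holed or inside a
    blocked range. Legitimate clients in a blocked range are dropped too;
    that is the trade-off the article describes."""
    addr = ipaddress.ip_address(ip)
    if ip in blackholed:
        return True
    return any(addr in ipaddress.ip_network(r) for r in blocked_ranges)


if __name__ == "__main__":
    counts = requests_per_ip(LOG_LINES)
    flagged = blackhole_candidates(counts)
    ranges = ranges_to_block(flagged)
    print("black-holed:", sorted(flagged))
    print("blocked ranges:", ranges)
    print("drop 198.51.100.77?", should_drop("198.51.100.77", flagged, ranges))
```

The thresholds are the part to tune: too low and ordinary users behind a shared address are black-holed, too high and the flood gets through. Because the range block catches addresses that never appeared in the log (198.51.100.77 in the run above), it should be the shortest-lived of the three measures.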
Responding to a DDoS attack is costly and time-consuming. It's much more effective to prepare yourself against a DDoS attack and prevent the attack from happening in the first place.
Another potential DDoS threat is having a hacker infect your device and make it part of their botnet. A cybercriminal may be able to make your device part of their botnet in a variety of ways. Maybe you clicked on a suspicious link online and downloaded malware. Another possibility is that you were sent a phishing email and got tricked into a malware installation.
Luckily, it's possible to tell if your device is part of a botnet. You can run your antivirus software, and it should be able to detect botnet malware. Once detected, you can delete the infected files and start recovering from the cyberattack.
How to mitigate a DDoS attack
Preventing a DDoS attack is well worth the effort because it's difficult to stop a DDoS attack once it's infiltrated your infrastructure. There are several tools you can implement to create a multilayered cybersecurity and DDoS mitigation strategy. Here are a few tools to consider:
- Use a virtual private network (VPN). A VPN can hide your IP address and make it more difficult to make you a target of a DDoS attack.
- Invest in a service with DoS protection. DoS protection can notice the early signs of a DDoS attack. However, it's usually expensive for a household, especially because it's normally meant for businesses. A VPN service for DDoS protection may be a better alternative.
- Keep antivirus software updated. You'll need updated antivirus software to stop the latest version of viruses and malware. It can also detect botnet malware and prevent your device from being used as a botnet.
- Install a firewall. Firewalls offer numerous cybersecurity protection measures. For DDoS attacks, web application firewalls can help mitigate traffic requests between a web application and the internet.
- Use dynamic IP addresses. Ask your ISP for dynamic IP addresses, which give you a new IP address every day. Without a static IP address, it is harder for an attacker to keep targeting you.
DDoS attack FAQs
What is the difference between a DDoS attack and a DoS attack?
The difference between a distributed denial-of-service (DDoS) and a denial-of-service (DoS) attack is the number of malicious sources making a flood of requests. A DDoS attack uses botnets and has several sources, whereas a DoS attack only has one source.
What is an example of a DDoS attack?
An example of a DDoS attack recently occurred when Google fended off the largest DDoS attack to date. The application layer attack peaked at 46 million requests per second. An early warning system gave Google time to mitigate the DDoS attack and prevent it from breaching the infrastructure.
How long do DDoS attacks last?
On average, DDoS attacks lasted roughly 50 hours in the second quarter of 2022, according to Securelist. However, 95.24% of DDoS attacks in the same period were considered “very short” or under four hours in duration. DDoS attack durations can vary depending on the hacker.
Bottom line
A distributed denial-of-service attack is stressful for companies and internet users. Companies risk losing access to their website and infrastructure. Meanwhile, internet users can't access online services. They may also find themselves in a position where their devices are being used as part of a botnet.
There are plenty of cybersecurity tools you can use to protect yourself from DDoS attacks and reduce exploitable vulnerabilities. VPNs reduce your exposure to DDoS attacks because they mask your real IP address. Antivirus software and firewalls can detect malicious traffic and files. The key is to use these tools consistently and keep them updated, so you have a strong cybersecurity system.
Staying safe online requires proactive measures. Learn more about the benefits of VPNs, creating strong passwords, and why antivirus software is necessary to protect you from cybercrimes.