> [!abstract] In short: A DDoS attack tries to disrupt a website, server, or service by overwhelming it with traffic from many compromised devices at once. The principle it attacks is **availability**: the goal isn't to steal data, it's to knock the target offline.

## What it is

A Distributed Denial of Service attack interrupts the normal functioning of a website, server, or online service, directly compromising one of the core security principles: **availability**.

Unlike a plain **Denial of Service (DoS)** attack, which comes from a single source, a DDoS uses many compromised devices, such as computers or IoT gadgets infected with malware, to send traffic simultaneously. That flood overflows the network, causing instability or bringing the service down.

Those compromised devices working together are called a **botnet**.

## The three components

> [!info] The attacker: The group or individual orchestrating the plan to disrupt a target.

> [!info] The botnet: A network of compromised devices spread across many locations, used to generate the attack traffic. Most were hijacked without the owner's knowledge, so people are often unknowingly part of an attack.

> [!info] The victim: The target server, service, or network being disrupted.

## Why it matters

These attacks can hit businesses that rely on an online presence hard. Beyond the direct financial impact, there's reputational damage: users who can't reach a service lose trust and may migrate to competitors.

## Categories of DDoS

DDoS attacks are usually grouped into three types:

|Category|How it works|
|---|---|
|**Volumetric**|Floods the network with massive traffic to saturate bandwidth.|
|**Protocol**|Exploits weaknesses in network protocols, like SYN floods.|
|**Application layer**|Targets specific services such as HTTP to exhaust server resources.|

## Common defenses

- **CDNs** (Content Delivery Networks) absorb and distribute traffic.
- **Web Application Firewalls (WAFs)** filter malicious requests.
- **Rate limiting** caps how many requests a source can make.
- **Traffic filtering services** like Cloudflare or AWS Shield sit in front of the target and scrub bad traffic.

> [!tip] A DDoS doesn't break in, it piles up at the door until nobody can get through. That's why defense is about absorbing and filtering traffic at scale, not locking it out one request at a time.
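
To make the rate-limiting bullet and the closing tip concrete, here is an added example (not part of the original page) that replays constructed traffic through a per-source token bucket. The limiter parameters, the backend capacity of 200 requests per second, and all addresses are assumptions chosen for the illustration.

```python
from collections import defaultdict

class PerSourceLimiter:
    """Token bucket per source address: `rate` tokens/second, up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: burst)   # a new source starts with a full bucket
        self.last = {}                             # last time each source was seen

    def allow(self, src, now):
        elapsed = now - self.last.get(src, now)    # 0 for a source's first request
        self.last[src] = now
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1
            return True
        return False

def replay(events, rate=5, burst=10, capacity=200):
    """Replay (timestamp, source) events through the limiter.

    Returns (admitted, rejected, overloaded). `capacity` is the assumed number
    of requests per second the backend can serve; `overloaded` is True if the
    admitted traffic exceeds it in any one-second window.
    """
    limiter = PerSourceLimiter(rate, burst)
    admitted = rejected = 0
    per_second = defaultdict(int)
    for ts, src in sorted(events):
        if limiter.allow(src, ts):
            admitted += 1
            per_second[int(ts)] += 1
        else:
            rejected += 1
    overloaded = any(n > capacity for n in per_second.values())
    return admitted, rejected, overloaded

# Constructed traffic: 1000 requests inside one second in both cases.
single_source = [(i / 1000, "198.51.100.7") for i in range(1000)]                 # DoS-style
many_sources = [(i / 1000, f"10.0.{i // 250}.{i % 250}") for i in range(1000)]    # DDoS-style

if __name__ == "__main__":
    print("single source:", replay(single_source))
    print("many sources: ", replay(many_sources))
```

The single-source flood is cut down to a handful of admitted requests, while the same volume spread over 1000 sources stays under every per-source limit and still exceeds the assumed capacity. That gap is why per-source rate limiting is paired with upstream absorption and filtering.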