What is a DDoS attack in simple words?
DDoS stands for distributed denial of service. In simple words, a DDoS attack is like an unexpected traffic jam which blocks a one-way road. This prevents other regular motorists from using the same road.
Legitimate users can't access a resource because malicious individuals have compromised the resource. In computing terms, a DDoS attack is a malicious attack which attempts to disrupt genuine traffic to a targeted service or server. It works by overwhelming the service with a flood of internet traffic.
A DDoS attack causes denial of service by employing multiple compromised computer systems to emit the distributed traffic needed. The difference between a DoS (denial of service) attack and a DDoS attack is that in DoS only one system sends the malicious requests, while in DDoS multiple systems are employed. A real-life example of a DDoS attack is sending a lot of distributed requests to a web server; the page then crashes due to the high demand.
Types of DDoS attacks
There are basically 3 categories of DDoS attacks:
- Volume-based attacks: this attack targets a network's bandwidth. Massive requests are sent to overwhelm it. The size of this attack is measured in bits per second (bps). Such attacks include spoofed-packet flood attacks.
- Protocol/network layer attacks: such attacks target the server or different network infrastructure. They exploit vulnerabilities in the server resources. They include Smurf DDoS attacks. The size of these attacks is measured in packets per second (PPS).
- Application layer attacks: these are the most sophisticated forms of DDoS attacks. They focus on particular web applications. They flood these applications with malicious requests. These attacks are measured in requests per second (RPS).
You should know that for every DDoS attack, the attacker wants to slow down the response rate of online resources or even make them completely unresponsive.
How a DDoS attack works
The basic idea behind primary DDoS attacks is simple. A DDoS attack targets a website, server, service or network, then floods it with internet traffic. The idea is for the traffic to overload the target, rendering it useless because it cannot process any legitimate requests.
The different attacks are focused on particular layers of the OSI (Open Systems Interconnection) model.
Because the attacks focus on these different layers, the three major types of DDoS attacks also target different layers and the different devices on those layers.
Botnets
A botnet is a network of remotely controlled computers which have been hacked. Together, these computers form a network of bots. This is how a DDoS attack is formed, and the large network is what differentiates it from DoS. It makes it easy to bring down a target, whether a server, network or website. When you compare requests coming from a single computer with those coming from a network of computers, the network will always cripple the target.
Botnets are controlled by cyber criminals and they vary in size. At times, there are millions of computers targeting a resource. This might sound scary, but this is how cyber criminals are able to take down even the strongest servers. You might also be shocked to learn that your computer may be part of a botnet.
Cyber criminals have different intentions when conducting these attacks. Some may be interested in sending malware or spam. A famous category of such malware is ransomware.
Even devices that are part of the Internet of Things are being hacked to form botnets. Such devices are targeted because they are not as secure as other devices like laptops and desktops, which run more secure software.
A well-known example of an attack which used the concept of DDoS and targeted Internet of Things devices is the Mirai malware. Devices in this botnet included things like cameras. That is not the end of the Mirai story, since its code is open source. This means that the code is available even to cyber criminals, who can configure it in the future to conduct an even more dangerous DDoS attack.

Traffic flood
Botnets can be used to cripple web servers with illegitimate HTTP or HTTPS requests. These protocols are used to retrieve information from a server or to request that information be stored or uploaded. The difference between the HTTP and HTTPS protocols is that HTTPS is secure.
Hacking many computers to create a botnet may be hard, and cyber criminals have now developed botnets which they sell on the dark web. That is how motivated cyber criminals are. Shocking, right?
For traffic floods, GET requests are easier to implement. A motivated cyber criminal will scroll through the dark web to find tools that will accomplish his mission. You might be asking yourself how these criminals are able to conceal their identities. Simple: the Tor browser. This browser gives the attacker an anonymous identity while accessing the internet. This is why cyber crimes like DDoS are growing at an alarming rate.
Protecting yourself from DDoS attacks
1. Configure your routers and firewalls
Firewalls and routers should be set to block some traffic or to filter traffic before allowing any of it through. These devices are the first level of defense for your business network. When traffic coming into your network and systems is filtered, security issues like signs of a DDoS attack can be identified early.
It is also crucial that these two devices and others in your network always remain patched. Patching ensures that your system is up to date and that vulnerabilities in the previous, unpatched version cannot be exploited.
2. Have a Protection Plan
Your business should have anti-DDoS plans and procedures. Such measures could be as simple as having software which detects malicious traffic that could indicate a DDoS attack.
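A minimal sketch of such detection software, measuring requests per second (RPS) from a web server access log and separating a single-source flood (DoS) from a distributed one (DDoS). This is an added example, not code from the original article; the Common Log Format input, the thresholds and the sample IP addresses (documentation ranges) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, timestamp, then the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ \S+')

def parse(line):
    """Return (epoch_second, client_ip), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return int(when.timestamp()), m.group(1)

def detect_floods(lines, rps_limit=20, single_source_share=0.8):
    """Flag every one-second window whose request rate exceeds rps_limit.

    A window dominated by one client is labelled "dos"; a window whose
    load is spread over many clients is labelled "ddos".
    """
    per_second = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if rec:
            per_second[rec[0]][rec[1]] += 1
    alerts = []
    for second in sorted(per_second):
        sources = per_second[second]
        rps = sum(sources.values())
        if rps <= rps_limit:
            continue  # normal load, nothing to report
        top_ip, top_hits = sources.most_common(1)[0]
        kind = "dos" if top_hits / rps >= single_source_share else "ddos"
        alerts.append({"second": second, "rps": rps, "kind": kind,
                       "sources": len(sources), "top": top_ip})
    return alerts

def sample_log():
    """Constructed sample: quiet traffic, one-source burst, 40-source burst."""
    fmt = '{ip} - - [10/Mar/2024:12:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip="192.0.2.10", s=s) for s in range(5)]
    lines += [fmt.format(ip="198.51.100.7", s=10) for _ in range(30)]
    lines += [fmt.format(ip=f"203.0.113.{i}", s=20) for i in range(1, 41)]
    lines.append("garbage line that is not a log entry")
    return lines
```

In practice the thresholds would be tuned against the site's normal traffic baseline rather than fixed at these values.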
Your business should also always be ready to notify your ISP (Internet Service Provider) in case of a DDoS attack. This is because your ISP can divert all traffic to a black hole, a null route where all excess traffic is directed to prevent the network or website from crashing. But this means all traffic is diverted, legitimate or illegitimate.
A DDoS attack can withhold your services from your users and render your network and systems useless. You should configure the devices in your network to filter all traffic so that you can detect malicious traffic early. Always remember that your internet service provider can also come in handy to help you divert malicious traffic off your network.