Distributed Denial of Service (DDoS) | Intel471 Skip to content

Distributed Denial of Service (DDoS)

A denial of service technique that uses numerous hosts to perform the attack.

Homepage slide 1
13 Distributed Denial of Service

A Distributed Denial of Service (DDoS) attack is usually carried out by a person or group of people who use computers to send large amounts of data to a target, with the goal being to slow down the site's performance and cause it to crash.

  • Distributed denial of service (DDoS) is an attack that floods a website and target server with a wide variety of malicious traffic in order to make it unavailable to users.

  • The most common type of DDoS attack is called a distributed reflection attack.

  • In this type of attack, multiple computers send requests at a voluminous rate to a server, which sends back a response.

  • This causes the server and network infrastructures to slow down or crash.

DDoS attacks can be launched as part of cyber-espionage campaigns where attackers attempt to gain control of computers belonging to organizations such as government agencies, financial institutions, energy companies, defense contractors, healthcare facilities, universities, research labs, and other critical infrastructure targets. They may also be used to extort money from businesses or individuals.

How do DDoS attacks work?

To accomplish a DDoS attack, the primary method is through a network of remote-controlled, hacked computers or “bots.” These are often called “zombie computers” or “botnets.” They form a “botnet,” or network of “bots.“ These are used to flood a targeted website, server or network with more data than it can accommodate.

The infamous 2016 Dyn attack was accomplished through Mirai malware, which created a botnet of IoT devices, including cameras, smart televisions, printers, and baby monitors.

What are the Methods of a DDoS attack?

There are many different ways to carry out a DDoS attack. Some examples include:

  • Sending massive numbers of HTTP request messages to a targeted host;

  • Flooding a victim with UDP packets;

  • Using TCP SYNs to overwhelm a target machine;

  • Spoofing IP addresses to trick the target into thinking there are more machines than actually exist;

  • Attacking DNS resolvers to redirect victims to false sites;

  • Launching brute-force password guessing

What is the Difference between a DDoS and a DoS attack?

A distributed denial-of-service attack occurs when someone attempts to prevent you from accessing your website or other service. The attacker sends so much traffic at your site that they overwhelm your servers' capacity to handle requests. This causes them to become unavailable for legitimate users.

Denial-of-service attacks are often used as part of hacking activities such as phishing scams, but there are also many nonmalicious reasons why people might want to launch one.