What is a DDoS Attack?
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt a target server, service, or network by overwhelming it with a flood of internet traffic from multiple sources. This section helps you understand the fundamental nature of these threats, their common forms, and their potential impact.
DoS vs. DDoS: The Critical Difference
| Feature | DoS (Denial of Service) | DDoS (Distributed DoS) |
|---|---|---|
| Source | Single System | Multiple Systems |
| Speed | Slower | Faster |
| Traffic Volume | Lower | Massive (up to Tbps) |
| Traceability | Easier to Trace | Very Difficult to Trace |
| Blocking | Relatively Simple | Highly Complex |
Common Attack Categories
DDoS attacks primarily fall into three categories.
Signs of an Ongoing DDoS Attack
Early detection is key. While a full-blown attack causes obvious service failures, these indirect indicators can provide an early warning. Recognizing these signs allows your team to respond faster and potentially mitigate the impact.
System Instability
Frequent and noticeable failures of server software or the OS, such as system hangs or incorrect shutdowns.
Abnormal Resource Load
A sharp, inexplicable increase in CPU, memory, or disk usage that deviates from normal performance baselines.
Unusual Traffic Surges
A rapid increase in incoming network traffic, especially concentrated on one or more specific ports.
Duplicated Client Actions
Logs showing identical actions (like file uploads) from many different IP addresses targeting the same resource.
Anomalous Log Entries
Server or firewall logs showing a high volume of identical requests from geographically diverse or unusual sources.
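The "Duplicated Client Actions" and "Anomalous Log Entries" signs can be checked directly against access logs. The following is an added example, not part of the original page: it flags any request (method plus path) made by many distinct source IPs within a short sliding window. The Common Log Format input, the function names, the 10-second window and the 5-IP threshold are all assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip - - [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+'
)

SAMPLE_LOG = [  # constructed lines using documentation-range IPs
    f'203.0.113.{n} - - [12/Mar/2024:10:00:0{n} +0000] "POST /upload HTTP/1.1" 200 512'
    for n in range(1, 7)  # six different IPs repeat the same upload within 5 s
] + [
    '192.0.2.10 - - [12/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.10 - - [12/Mar/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.11 - - [12/Mar/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 2210',
    'malformed line that the parser must skip',
]

def parse_line(line):
    """Return (timestamp, ip, (method, path)), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], (m["method"], m["path"])

def find_duplicated_actions(lines, window=timedelta(seconds=10), min_ips=5):
    """Flag actions performed by >= min_ips distinct IPs inside one sliding window.

    Returns {action: peak distinct-IP count}. The defaults are illustrative
    assumptions; tune them against your own traffic baseline.
    """
    recent = defaultdict(deque)  # action -> (ts, ip) pairs still inside the window
    flagged = {}
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[0])
    for ts, ip, action in events:
        q = recent[action]
        q.append((ts, ip))
        while q and ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({src for _, src in q})
        if distinct >= min_ips:
            flagged[action] = max(flagged.get(action, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_duplicated_actions(SAMPLE_LOG))
```

Counting distinct IPs rather than raw request volume keeps a single busy client from triggering the alert, which matches the "many different IP addresses targeting the same resource" sign described above.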