Distributed Denial of Service

DDoS – like a sudden traffic jam that blocks a motorway

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by flooding the target or its surrounding infrastructure with internet traffic. DDoS attacks achieve their effectiveness by using multiple compromised computer systems as sources of attack traffic. The exploited machines can include computers and other network-connected resources, such as IoT devices.

A DDoS attack can be compared to a sudden traffic jam that blocks a motorway and prevents normal traffic from reaching its destination. DDoS attacks are carried out using networks of machines connected to the internet. These networks consist of computers and other devices (such as IoT devices) that are infected with malware, allowing the attacker to control them remotely. These individual devices are called bots, and a group of bots is called a botnet.

Remote control of botnets by attackers

Once the botnet is established, the attacker can control the attack by sending remote instructions to each bot. When the botnet targets the victim’s server or network, each bot sends requests to the target’s IP address, potentially overloading the server or network and blocking normal traffic.

Challenges in identifying DDoS traffic

Because each bot is a legitimate internet device, it can be difficult to distinguish attack traffic from normal traffic. The most obvious symptom of a DDoS attack is that a website or service suddenly becomes slow or unavailable.
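The identification problem described above, as an added example that is not part of the original page: on constructed traffic, a per-source request limit flags nobody during a distributed flood because every bot stays under it, while the total request rate compared with a rolling baseline does stand out. The function names, thresholds and addresses (documentation ranges) are assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed traffic as (second, source_ip) pairs; not real capture data."""
    events = []
    # Seconds 0-5: 20 ordinary clients, 2 requests each per second.
    for sec in range(6):
        for c in range(20):
            events += [(sec, f"198.51.100.{c}")] * 2
    # Second 5 only: 500 bots join, each sending just 3 requests.
    for b in range(500):
        prefix = ("192.0.2", "203.0.113")[b // 250]
        events += [(5, f"{prefix}.{b % 250}")] * 3
    return events

def analyze(events, per_ip_limit=10, spike_factor=5, warmup=3):
    """Return one report per second, comparing two detection views."""
    by_sec = defaultdict(Counter)
    for sec, ip in events:
        by_sec[sec][ip] += 1
    reports, history = [], []
    for sec in sorted(by_sec):
        counts = by_sec[sec]
        total = sum(counts.values())
        # Baseline is the mean of earlier non-spike seconds, once warmed up.
        baseline = sum(history) / len(history) if len(history) >= warmup else None
        spike = baseline is not None and total > spike_factor * baseline
        reports.append({
            "second": sec,
            "total": total,
            "sources": len(counts),
            # View 1: sources exceeding a fixed per-IP limit.
            "ips_over_limit": [ip for ip, n in counts.items() if n > per_ip_limit],
            # View 2: total volume far above the recent baseline.
            "aggregate_spike": spike,
        })
        if not spike:
            history.append(total)  # keep spike seconds out of the baseline
    return reports

if __name__ == "__main__":
    for r in analyze(build_sample()):
        print(r["second"], r["total"], r["sources"],
              len(r["ips_over_limit"]), r["aggregate_spike"])
```
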