A distributed denial of service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. Historically, DoS (Denial of Service) attacks were a primary method for disrupting computer systems on a network. DoS attacks originate from a single machine and can be very simple; a basic ping flood attack can be accomplished by sending more ICMP (ping) requests to a targeted server than it is able to process and respond to efficiently. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination. The goal is to render the website or service inoperable.
DDoS attacks generally consist of attacks that fall into one or more categories, with some more sophisticated attacks combining attacks on different vectors. Following are the broad categories:
- Volume Based Attacks: These send massive amounts of traffic to overwhelm a network’s bandwidth.
- Protocol Attacks: These are more focused and exploit vulnerabilities in a server’s resources.
- Application Attacks: They are the most sophisticated form of DDoS attacks, focusing on particular web applications.
DDoS attacks have definitive symptoms. The problem is that the symptoms are so much like other issues that one might have with a computer, such as a virus attack or a slow internet connection. The most obvious symptoms of a DDoS attack include:
- Slow access to files, either locally or remotely.
- A long-term inability to access a particular website.
- Frequent internet disconnection.
- Problems accessing all websites.
- Excessive amount of spam emails.
Most of these symptoms can be hard to identify as being unusual. Even so, if two or more symptoms occur over long periods of time, one might have already become the victim of a DDoS attack.