A DDoS attack, short for Distributed Denial-of-Service attack, is a coordinated cyberattack in which a large number of compromised machines flood a target server, network, or application with traffic, overwhelming its capacity and making it unavailable to legitimate users. The "distributed" aspect distinguishes it from a simpler DoS (Denial-of-Service) attack, which originates from a single source. Because the malicious traffic comes from thousands or even millions of devices simultaneously, DDoS attacks are significantly harder to block.
How a DDoS Attack Works
Attackers typically build or rent a botnet - a network of infected computers, servers, and IoT devices under their remote control. When the attack is launched, all devices in the botnet send requests to the target at once. The volume of incoming traffic exhausts the server's bandwidth, processing power, or memory, causing it to slow down dramatically or crash entirely. This results in degraded uptime and, in severe cases, complete service outages that can last hours or days.
DDoS attacks take several forms. Volumetric attacks aim to saturate bandwidth with sheer data volume. Protocol attacks exploit weaknesses in network protocols, such as SYN floods that exhaust connection tables. Application-layer attacks, also called Layer 7 attacks, target web application resources by mimicking legitimate HTTP requests, making them particularly difficult to detect.
Mitigation Strategies
Defending against DDoS attacks requires a layered approach, since no single solution addresses every attack type.
A Web Application Firewall (WAF) inspects incoming HTTP traffic and can filter out malicious requests before they reach the server. It is especially effective against application-layer attacks, where traffic patterns resemble legitimate browsing behavior but target specific endpoints to exhaust resources.
A Content Delivery Network (CDN) distributes traffic across a geographically dispersed network of servers. Because the attack traffic is absorbed across many nodes rather than concentrated on a single origin server, a CDN significantly reduces the impact of volumetric attacks and keeps the site accessible to real users.
Rate limiting is another important control, restricting the number of requests a single IP address or client can make within a given time window. This prevents any one source from monopolizing server resources, and when combined with traffic analysis, it can identify and throttle suspicious request patterns automatically.
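To make the per-source, per-time-window rule concrete, the following is an added example (not code from the original article) of a sliding-window limiter keyed by client IP, replayed over constructed sample request lines. The 5-requests-per-10-seconds policy, the IP addresses and the log format are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque

# Hypothetical policy: at most 5 requests per client in any 10-second window.
MAX_REQUESTS = 5
WINDOW_SECONDS = 10.0


class SlidingWindowLimiter:
    """Per-client sliding-window rate limiter keyed by source IP."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self._hits = defaultdict(deque)  # ip -> timestamps of recent requests

    def allow(self, ip, now):
        """Return True if a request at time `now` fits the client's budget."""
        q = self._hits[ip]
        # Evict timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False  # budget exhausted: throttle this request
        q.append(now)
        return True


# Constructed sample traffic ("timestamp ip path"), not real log data:
# one source hammers /login while another browses normally.
SAMPLE_LOG = """\
0.0 203.0.113.7 /login
0.5 198.51.100.9 /
1.0 203.0.113.7 /login
1.5 203.0.113.7 /login
2.0 203.0.113.7 /login
2.5 203.0.113.7 /login
3.0 203.0.113.7 /login
3.5 203.0.113.7 /login
12.0 203.0.113.7 /login
12.5 198.51.100.9 /about
"""


def apply_limiter(log_text, limiter=None):
    """Replay log lines through the limiter; return (allowed, throttled) counts per IP."""
    limiter = limiter or SlidingWindowLimiter()
    allowed, throttled = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        ts, ip, _path = line.split()
        if limiter.allow(ip, float(ts)):
            allowed[ip] += 1
        else:
            throttled[ip] += 1
    return dict(allowed), dict(throttled)
```

Replaying the sample, the bursty source is throttled once its fifth request in the window lands and regains budget after the early timestamps age out, while the second client is never affected.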
Additional measures include anycast network diffusion, traffic scrubbing services that filter attack traffic upstream, and load balancers that distribute legitimate requests evenly while helping absorb traffic spikes. For high-risk applications, dedicated DDoS protection services offered by providers such as Cloudflare, Akamai, or AWS Shield provide always-on monitoring and automatic mitigation at scale.
Understanding DDoS risks is essential for any team responsible for maintaining uptime and reliability, particularly for e-commerce platforms, SaaS applications, and public-facing APIs where availability directly affects revenue and user trust.