What are DDoS Attacks?

July 27, 2025

TL;DR

  • DDoS stands for Distributed Denial of Service
  • Common tactics include SYN Flooding, UDP Flooding and Amplification Attacks
  • Techniques such as CDNs (Cloudflare, Akamai), rate limiting, behavioral analysis and geo-blocking can help protect your network

What is a DDoS Attack, Really?

A Denial of Service (DoS) attack happens when a service, server, or network is overwhelmed with traffic to the point it becomes unresponsive to legitimate users.

A Distributed DoS (DDoS) makes it worse by attacking from many systems at once, often tens of thousands of botnet devices spread all around the world.

Why it works:

  • Servers, routers, APIs, etc., have finite resources
  • Floods exhaust bandwidth, sockets, memory, or processing power
  • Once capacity is exceeded, even valid requests can't get through

Analogy time: It’s like if 50,000 bots stood in line at a bank and screamed "CHECK BALANCE" every second until the teller quit.


Types of DDoS Attacks

1. Volumetric Attacks

Designed to consume all available bandwidth. These rely on massive packet volumes:

  • UDP floods
  • Amplification Attacks (e.g., NTP, SSDP, CLDAP)
  • DNS Reflection

They often reach hundreds of Gbps or even Tbps. Because UDP is connectionless, source addresses are easy to spoof: attackers forge requests that carry the victim's IP as the source, so the reflector's reply goes to the victim instead of the attacker.

Small request in ➔ huge response out ➔ traffic tsunami to the target.

2. Protocol Attacks

These exploit weaknesses in layer 3 and 4 protocols (IP/TCP/UDP):

  • SYN Floods: Abuse the TCP handshake (SYN > SYN-ACK > ...nothing); the final ACK never arrives, so the server is left holding half-open connections
  • Ping of Death: Send oversized packets
  • Fragmentation Attacks: Send malformed packets that systems can't reassemble

Goal: Exhaust server resources like connection tables, CPU, or memory.


3. Application-Layer Attacks

These are stealthier. They mimic real user behavior:

  • HTTP GET/POST floods
  • Slowloris: Opens HTTP connections and holds them open without finishing
  • TLS Exhaustion: Flood with HTTPS handshakes

Why are they dangerous? They use little bandwidth but create high server load, so volume-based mitigation often misses them.

Botnets: The Muscle Behind DDoS

Botnets are networks of compromised devices controlled remotely via C2 (Command & Control).

Famous examples:

  • Mirai (IoT devices with default creds)
  • Mozi, QBot, Mēris

DDoS-as-a-Service is real:

  • $20-$50 for a few minutes of targeted traffic pain
  • Darknet platforms sell access to botnets like Netflix sells subscriptions

And yes, botnets consist of ‘smart’ fridges, baby monitors, hacked routers, etc.


Case Studies in Modern DDoS

Dyn DNS (2016)

  • Took down Twitter, GitHub, Reddit
  • Powered by Mirai botnet
  • Used DNS reflection and SYN floods

AWS 2.3 Tbps (2020)

  • Largest known volumetric attack
  • Used CLDAP reflection
  • Peak attack size: 2.3 terabits per second

OVH TLS Flood (2023)

  • Focused on exhausting TLS handshakes
  • Application-layer attack with randomized payloads

Mitigation — Why It’s Not Just a “Firewall Thing”

"Just block the IPs" is laughably naive.

Challenges include:

  • IP spoofing and rotating source addresses
  • Legit traffic mixed with bad traffic
  • Resource exhaustion happens faster than alerting

What helps:

  • CDNs (Cloudflare, Akamai)
  • Rate limiting and behavioral analysis
  • Geo/IP filtering (with caveats)
  • Scrubbing centers via Anycast
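As an added example (not from the article), here is a per-client sliding-window rate limiter in Python, replayed over a few constructed access-log lines so that an HTTP GET flood from one source gets rejected while a steady client is left alone. The log lines, addresses and the limit of 20 requests per 10 seconds are made up for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-style line: client IP, timestamp, request, status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')

def parse_line(line):
    """Return (client_ip, epoch_seconds) for one access-log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts

class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within any `window`-second span."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject and do not record the hit
        q.append(now)
        return True

def flag_floods(lines, limit=20, window=10):
    """Replay log lines through the limiter; return {ip: rejected_count}."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e[1])  # stable sort into time order
    limiter = SlidingWindowLimiter(limit, window)
    rejected = defaultdict(int)
    for ip, ts in events:
        if not limiter.allow(ip, ts):
            rejected[ip] += 1
    return dict(rejected)

def make_sample_log():
    """Constructed sample: one steady client plus one GET-flooding bot."""
    legit = [f'198.51.100.7 - - [27/Jul/2025:10:00:{2 * i:02d} +0000] '
             f'"GET /page HTTP/1.1" 200 1024' for i in range(10)]
    flood = ['203.0.113.5 - - [27/Jul/2025:10:00:03 +0000] '
             '"GET / HTTP/1.1" 200 512'] * 40
    return legit + flood
```

Running `flag_floods(make_sample_log())` reports 20 rejected requests for the flooding bot and none for the steady client. Per-source limits like this only help for floods over established TCP connections, not spoofed UDP traffic, and behind a CDN the key must be the forwarded client address rather than the edge node's IP.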

Closing Thoughts

DDoS attacks are:

  • Easier to launch than ever
  • Harder to stop without prep
  • Increasingly used as a distraction or ransom layer

Whether you’re a sysadmin, dev, or solo app builder — understand what’s possible and plan accordingly.

Because your smart doorbell might be attacking someone right now.

© 2025 StuxFeed. All rights reserved.