Cybersecurity: What is a DDoS attack?

Following from yesterday’s Internet outage caused by a DDoS attack on Dyn’s DNS services, I thought it would be useful to write about DDoS attacks.

DDoS stands for Distributed Denial of Service. A Denial of Service (DoS) occurs when you try to access a specific service, Internet-based in most cases (Google.com, Facebook.com, etc.), and are unable to. In a DoS attack, the attacker overloads the server with a higher-than-usual amount of internet traffic (network requests). Since the server is not designed to handle such a high load, it does not have enough capacity to respond to all the requests.

The server either ends up with a backlog of requests, or ends up servicing (responding to) only a small number of the incoming requests. Most of the incoming requests therefore either fail or time out while waiting for a response. As a result, the website you are trying to access does not load, and you are denied service to it. This is why the attack is known as a Denial of Service attack.

A Distributed Denial of Service (DDoS) attack is a DoS attack initiated from multiple IP addresses (machines), usually from a botnet. This makes the attack harder to mitigate and resolve, and therefore much more dangerous.
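To make the backlog, timeout and "harder to mitigate" points concrete, here is a small offline capacity model, added as an illustration and not part of the original post. The server capacity, backlog size, timeout, request rates and the per-IP rate limit are all assumptions chosen for the example; no network traffic is generated.

```python
import random
from collections import deque

def simulate(sources, per_ip_limit=None, ticks=20, capacity=100,
             backlog=500, timeout=3, seed=0):
    """Return the fraction of legitimate requests that get a response.

    sources: list of (ip, requests_per_tick, is_legit) tuples (constructed data).
    capacity: requests the server can answer per tick.
    backlog: most requests that may wait in the queue; extra arrivals fail.
    timeout: ticks a client waits for a response before giving up.
    """
    rng = random.Random(seed)
    queue = deque()                      # entries: (arrival_tick, is_legit)
    sent = served = 0
    for tick in range(ticks):
        arrivals = []
        for _ip, rate, is_legit in sources:   # each source is one IP address
            sent += rate if is_legit else 0
            allowed = rate if per_ip_limit is None else min(rate, per_ip_limit)
            arrivals += [(tick, is_legit)] * allowed
        rng.shuffle(arrivals)                 # requests arrive interleaved
        queue.extend(arrivals[:backlog - len(queue)])  # the rest fail outright
        budget = capacity
        while queue and budget:
            arrived, is_legit = queue.popleft()
            if tick - arrived > timeout:      # client already gave up waiting
                continue
            budget -= 1
            served += is_legit
    return served / sent

# Constructed traffic: 50 real users, one flooding IP, or 1000 low-rate bots.
USERS = [(f"user-{i}", 1, True) for i in range(50)]
ONE_SOURCE = [("attacker", 2000, False)]
MANY_SOURCES = [(f"bot-{i}", 2, False) for i in range(1000)]

def scenarios():
    return {
        "normal load": simulate(USERS),
        "DoS, no limit": simulate(USERS + ONE_SOURCE),
        "DoS, per-IP limit": simulate(USERS + ONE_SOURCE, per_ip_limit=5),
        "DDoS, per-IP limit": simulate(USERS + MANY_SOURCES, per_ip_limit=5),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:20s} legitimate requests served: {ok:.0%}")
```

In this model a per-IP limit fully restores service when the flood comes from one address, but the same limit does nothing when the same volume is spread across a thousand addresses that each stay under it.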

-N