DDoS attack

A Distributed Denial of Service (DDoS) attack is an attack in which multiple compromised systems, such as computers or Internet of Things (IoT) devices, are used to attack an online platform, server or network, such as a website. The purpose of such an attack is to overload the online platform with continuous requests from the compromised systems, which causes a so-called 'denial of service': the system becomes very slow or unresponsive, hindering normal use or access.

Two different types of DDoS attacks can be used: a network-layer attack and an application-layer attack. Network-layer attacks use large amounts of false requests from compromised systems to access a server. A method called IP spoofing can be used in network-layer attacks. This method uses fake source IP addresses in traffic aimed at the IP address of an individual or a website, which can result in a network overload or crash. Application-layer attacks, on the other hand, use large amounts of legitimate requests, issued by compromised systems, to overwhelm a system. A commonly used method is sending an overwhelming number of HTTP requests to a server. The server cannot handle all the requests at once and consequently overloads, crashes or shuts down.

In order to protect servers from DDoS attacks, multiple protection layers can be used. For example, firewalls are designed to protect websites from overwhelming amounts of HTTP requests, blackholing can redirect part of the traffic, and routers or switches can be set to do rate limiting.
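The rate limiting mentioned above can be illustrated with a per-source token bucket. This is an added example, not part of the original page. The class and function names, the limit of 2 requests per second with a burst of 5, and the sample traffic are all assumptions chosen for illustration; the addresses come from the documentation ranges.

```python
from dataclasses import dataclass

TOKEN = 1000  # one request costs 1000 milli-tokens (integers avoid float drift)

@dataclass
class Bucket:
    level: int    # milli-tokens currently available
    last_ms: int  # timestamp of the previous request from this source

class PerSourceRateLimiter:
    """Token bucket per source address (hypothetical helper for this example)."""

    def __init__(self, rate_per_s: int, burst: int):
        self.rate = rate_per_s          # tokens/s equals milli-tokens/ms
        self.capacity = burst * TOKEN
        self.buckets: dict[str, Bucket] = {}

    def allow(self, src: str, now_ms: int) -> bool:
        b = self.buckets.setdefault(src, Bucket(self.capacity, now_ms))
        # Refill for the time elapsed since the last request, capped at the burst.
        b.level = min(self.capacity, b.level + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.level >= TOKEN:
            b.level -= TOKEN
            return True
        return False  # over the limit: drop or answer HTTP 429

def replay(requests, rate_per_s=2, burst=5):
    """Feed (timestamp_ms, source) pairs through the limiter.

    Returns {source: (passed, dropped)}.
    """
    limiter = PerSourceRateLimiter(rate_per_s, burst)
    stats: dict[str, tuple[int, int]] = {}
    for ts, src in sorted(requests):
        ok = limiter.allow(src, ts)
        passed, dropped = stats.get(src, (0, 0))
        stats[src] = (passed + ok, dropped + (not ok))
    return stats

def sample_requests():
    """Constructed traffic: one flooding source and one normal client."""
    flood = [(i * 10, "203.0.113.7") for i in range(200)]     # 100 req/s for 2 s
    normal = [(i * 1000, "198.51.100.20") for i in range(3)]  # 1 req/s
    return flood + normal

if __name__ == "__main__":
    for src, (passed, dropped) in replay(sample_requests()).items():
        print(f"{src}: passed={passed} dropped={dropped}")
```

Because the limit is keyed on the source address, it throttles each flooding client individually. A flood spread thinly over many sources, or one using spoofed addresses, has to be handled by the other layers listed above.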

 

Related keywords: HTTP floods, DDoS protection, botnet attack, zombie attack, traffic spike, DNS amplification