What are DDoS attacks and how do they work?

Cyber attacks are very frequent nowadays: every few days there is news about attacks such as distributed denial of service attacks, Man-In-The-Middle attacks, and many more.

In this article, we will learn about distributed denial of service attacks and their types. Finally, we'll look at how to prevent these types of attacks.

Introduction: What is a DDoS attack?

In a Distributed Denial of Service attack, multiple computers attack a single server at the same time. They flood it with requests, which leads to the server crashing or shutting down. Authorized users see a message saying the service is not available, which is the whole reason why DDoS is used.

Denial-of-service attacks are mainly divided into two kinds: DoS (Denial of Service) and DDoS (Distributed Denial of Service). The key difference between them is that a DoS attack works with a single device trying to overwhelm the network.

Examples of DDoS attacks

One of the largest DDoS attacks hit GitHub, one of the most popular code management platforms among developers. The attack was so severe that it sent almost 50,000 requests every second.

But GitHub was already using DDoS protection, which recognized the attack and automatically alerted the responsible administrators. This massive attack lasted about 20 minutes and left GitHub with a sense of fear and uncertainty about its security.

Types of DDoS attacks

Distributed Denial of Service attacks come in various types, which differ in the methods and techniques used to carry out the attack. Some types of DDoS attacks include:

Volumetric Attacks

Volumetric attacks aim to flood the target's server, and they are the most dominant form of DDoS attack. They are mostly used to overload the network with so many requests that the server slows down, sometimes to the point of network failure.

The target is hit with a huge amount of unknown data, which consumes network bandwidth and can lead to a loss of service, that is, a denial of service. Examples are DNS amplification attacks, ICMP floods, etc.

Protocol Attacks

These attacks take control of the TCP connection and exploit the connection with the host and the handshake. They target requests that use a TCP connection, which performs a three-way handshake to recognize the other party's connection.

The attack pauses the three-way handshake partway through, which lets the attacker access the connection and make multiple requests, and in the end this shuts the server down. Examples of protocol attacks are the ping of death attack and the smurf attack.
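A handshake that is paused partway through leaves a half-open connection on the server, and counting those is a practical detection signal. The following is an added example, not code from the original article; the packet records, field layout and thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample of packets seen on one listening port:
# (time_s, client_ip, client_port, flag). Documentation-range IPs only.
EVENTS = (
    [(0.0, "198.51.100.7", 40001, "SYN"), (0.1, "198.51.100.7", 40001, "ACK")]
    + [(1.0 + i * 0.01, "203.0.113.9", 50000 + i, "SYN") for i in range(30)]
    + [(2.0, "192.0.2.44", 41000, "SYN"), (2.2, "192.0.2.44", 41000, "RST")]
)

def half_open(events, now, grace=1.0):
    """Return Counter of client_ip -> handshakes started but never completed.

    A SYN opens a pending entry; the client's final ACK (or a RST) clears it.
    Entries younger than `grace` seconds are ignored: they may still complete.
    """
    pending = {}
    for ts, ip, port, flag in sorted(events):
        if ts > now:
            break                            # do not look into the future
        key = (ip, port)
        if flag == "SYN":
            pending.setdefault(key, ts)      # a retransmitted SYN keeps the first timestamp
        elif flag in ("ACK", "RST"):
            pending.pop(key, None)
    return Counter(ip for (ip, _), ts in pending.items() if now - ts >= grace)

def assess(events, now, per_source_limit=20, backlog_limit=100):
    """Summarise the backlog. Spoofed sources keep per-IP counts low,
    so the total backlog is checked separately from noisy single sources."""
    counts = half_open(events, now)
    backlog = sum(counts.values())
    return {
        "backlog": backlog,
        "noisy_sources": sorted(ip for ip, n in counts.items() if n > per_source_limit),
        "backlog_alarm": backlog > backlog_limit,
    }

if __name__ == "__main__":
    print(assess(EVENTS, now=5.0))
```
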

Application Attacks 

Application attacks target only specific applications or services. They appear authorized at first glance and then exploit the user slowly, which lets them hide and work silently. This attack works on the application layer and is also called a Layer 7 attack.

It is combined with other kinds of Distributed Denial of Service attack, which lets the attacker target the application along with the network and bandwidth. It is difficult to find the attackers in this kind of attack. Some examples are Slowloris attacks, HTTP floods, etc.

Fragmentation Attacks

A fragmentation attack involves sending packets over a network in an attempt to overload it, which leads to a denial of service of the network. The goal of this attack is simple: it disrupts the normal functioning of a network by overloading it with a large number of small packet fragments, which are not easy to reassemble and process.

Fragmentation attacks are difficult to analyze because they involve traffic from various sources, making it hard to tell legitimate traffic from malicious traffic. Because of the fragmentation, this attack is not easy to handle.

Examples of real-life DDoS attacks

There are many real-life examples of distributed denial of service attacks, and they have caused a lot of data theft and the loss of millions of dollars. One of the real-life DDoS attacks happened on AWS.

AWS attack

The AWS Dyn attack was one of the most critical attacks. It happened in 2016 and led to the loss of millions of users' IP addresses. Many popular websites like GitHub, Reddit, Heroku, and maybe PayPal were under attack, and this was not just an ordinary attack.

It was a massive and powerful attack that went on for more than 5 hours, which means a loss of billions of dollars in revenue. The attack happened because of a severe vulnerability in IoT devices like smart TVs, printers, etc.

Dyn attack

Dyn is an Internet performance system, and this attack was said to be the most outrageous cyber attack ever, as it brought down one of the most developed national networks. The attack was caused by malware, the Mirai botnet, which attacked the servers of Dyn, which holds control of the internet.

Eventually, with proper resources, the attackers were able to design a bot and implant it in IoT devices for over a month. Later it was activated, and everyone who was sending DNS requests ended up flooding the server. This led to the server crashing and dropping off the network.

DDoS attacks: How do they work?

A DDoS (Distributed Denial of Service) attack can focus on various aspects of a system and tries to deny access to authorized users by keeping the server busy with multiple requests. To understand it better, let's take an arbitrary example.

Suppose a server gets a million requests from many devices. It cannot serve millions of devices at a time, so the server gets tied up and shuts down all its services. In these attacks, when more requests are made than expected, the server eventually shuts down.

Layer-3: Network layer

A layer 3 attack targets the network layer of the OSI model. It attacks the network, which forwards data packets to their different routing destinations.

An attacker tries to exploit the network infrastructure or portals to gain access to network resources. Some common layer 3 attacks are fragmentation attacks, Smurf attacks, etc.

Layer-4: Transport layer

This attack works on the OSI transport layer. It interferes with the communication between multiple devices and tries to read the messages, which leads to a loss of integrity between the users.

Attacks include TCP spoofing, TCP reset attack, UDP attack, and lastly SYN flood.

Layer-7: Application layer

This attack is also described in terms of the OSI model and works on the application layer. That layer is responsible for taking the user through the application: it acts as a user interface, conveys all user requests, and displays them properly.

Layer 7 attacks often aim to exploit user data and disrupt application operation. Attackers try to gain unauthorized access to the network and steal important data. Some common examples are SQL injection and HTTP attacks.

How long does a DDoS attack last?

The duration of a DDoS attack varies widely with the timing and the type of attack. It can last a minute or a whole day. The key factor in a DDoS attack lasting longer is the attacker's ability to hide while no solution is found to stop the attack.

The impact of a DDoS attack can be long-lasting even if the attack itself is short. It can make the website and network services unavailable to users, which can lead to user dissatisfaction. A DDoS attack is costly because of what it requires, such as network bandwidth and other working resources.

How to defend yourself against DDoS attacks

There are several ways to defend your system against DDoS attacks. They provide security and help your system stand up to a Distributed Denial of Service attack.

Take quick action: configure firewalls and routers

One of the best ways to secure your devices against Distributed Denial of Service attacks is to configure and maintain firewalls and routers properly, because attacks mostly happen due to this factor.

Properly configuring the firewall and routers, and making the required changes to them, helps block traffic from unknown sources. The firewall blocks IP addresses it does not know and asks the user to look into them.

Consider artificial intelligence

Artificial intelligence is a great way to secure devices and networks against Distributed Denial of Service (DDoS) attacks. It helps analyze patterns to understand the network traffic and take proper measures to secure network services from these types of attacks.

Predictive modeling is a great way to build a model that helps identify DDoS attacks before they even occur. These models often tell the organization about future attacks that might happen to it.

Secure your Internet of Things devices 

Most often the big attacks happen through IoT devices, and this is the sole reason they spread quickly, because of dysfunction in the network. It is crucial to secure IoT devices against DDoS attacks.

To protect your IoT devices, always use a strong password, keep the device up to date, and use two-factor authentication. Lastly, if it is important, use a VPN to communicate.

DDoS response plan

A DDoS response plan outlines all the resources in use and how they can be secured against DDoS attacks. The goal of the DDoS response plan is to reduce the impact of an attack and protect important assets.

Cloud-based protection

Cloud-based protection is a great way to enhance network security and can help defend against DDoS attacks.

Enhanced network security

It uses network servers distributed around the world to absorb all the traffic from the attack. It is one of the most effective ways to secure data against Distributed Denial of Service (DDoS) attacks.

Continual traffic monitoring

Tracking and monitoring traffic is an effective way to reduce attacks. The traffic is monitored constantly to identify any bogus or unusual patterns that may have the potential to be DDoS attacks.

Limit network broadcasts

Limiting network broadcasts is a technique that makes network traffic more specific and reduces DDoS attacks. It directly controls network bandwidth and throughput, which lets the organization manage the network properly.

Beware of warning signs

This is also known as the social engineering concept, where users are educated and made aware of various signs on the internet that can very often point to DDoS attacks. The signs fall into categories such as unusually high traffic, error messages, slow performance, and access denied.
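The continual traffic monitoring and the four warning signs described above can be checked automatically against an access log. This is an added example, not code from the original article; the log line format, sample data and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed log lines: 'timestamp ip status latency_s' (format is an assumption)."""
    lines = []
    for minute in range(5):                  # five quiet minutes, 20 requests each
        for s in range(20):
            lines.append(f"2024-01-01T12:0{minute}:{s:02d} 198.51.100.{s} 200 0.08")
    for s in range(60):                      # minute 5: burst with errors and slow replies
        for n in range(5):
            status = 503 if n >= 2 else 200
            lines.append(f"2024-01-01T12:05:{s:02d} 203.0.113.{n} {status} 1.50")
    return lines

def per_minute(lines):
    """Group (status, latency) records by minute; malformed lines are skipped."""
    buckets = defaultdict(list)
    for line in lines:
        parts = line.split()
        try:
            ts, _ip, status, latency = parts
            buckets[ts[:16]].append((int(status), float(latency)))
        except ValueError:                   # wrong field count or non-numeric field
            continue
    return dict(sorted(buckets.items()))

def warning_signs(lines, baseline_minutes=5, spike=3.0, share=0.2, slow_s=1.0):
    """Return {minute: [signs]} for minutes after the baseline window that look abnormal."""
    buckets = per_minute(lines)
    minutes = list(buckets)
    if len(minutes) <= baseline_minutes:
        return {}                            # nothing to compare against yet
    base = median(len(buckets[m]) for m in minutes[:baseline_minutes])
    alerts = {}
    for m in minutes[baseline_minutes:]:
        recs = buckets[m]
        checks = {
            "high_traffic": len(recs) > spike * base,
            "error_messages": sum(st >= 500 for st, _ in recs) / len(recs) > share,
            "access_denied": sum(st == 403 for st, _ in recs) / len(recs) > share,
            "slow_performance": sum(lat for _, lat in recs) / len(recs) > slow_s,
        }
        signs = [name for name, hit in checks.items() if hit]
        if signs:
            alerts[m] = signs
    return alerts
```

The baseline here is the median request count of the first five minutes, so the thresholds adapt to the site's normal load instead of being fixed numbers.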

Conclusions

DDoS attacks are very common nowadays, and you should be aware of them. That's all for this article; try to explore and learn more about these types of attacks.

Frequently Asked Questions (FAQs)

What is a distributed denial of service DDoS attack?

A DDoS (Distributed Denial of Service) attack doesn't allow you to access the data. The goal is pretty simple: it keeps the resource busy and doesn't give access to authorized users.

What is a DDoS attack and how does it work? 

A DDoS (Distributed Denial of Service) attack can focus on various aspects of a system and tries to deny access to authorized users by keeping the server busy with multiple requests.

What would a DDoS attack look like?

A DDoS attack simply slows the server by flooding it with multiple requests at one time. This leads to the service becoming unavailable.

How long do DDoS attacks last? 

The duration of a DDoS (Distributed Denial of Service) attack can differ depending on the type of attack. It can last a minute or a whole day.

How do DDoS attacks work?

DDoS simply means Distributed Denial of Service: in such an attack you are not able to use the service, or the server is not able to provide the service to users.

Sharing is caring

Did you like what Anas Khan wrote? Thank them for their work by sharing it on social media.
