Cybersecurity Glossary

What Is a Distributed Denial-of-Service (DDoS) Attack?

A distributed denial-of-service attack, or DDoS attack, floods a website, application, network, or online service with traffic from many sources. The goal is to slow it down, knock it offline, or make it unreliable for real users.

Short definition

A DDoS attack is a service disruption attack. Attackers use many devices or traffic sources to overwhelm a target so customers, employees, or systems cannot access it normally.

At a glance: A DDoS attack does not always steal data. Sometimes the damage comes from making a service unavailable when people need it.

DDoS Attack Meaning

Denial of service means a legitimate user cannot use a service. Distributed means the attack traffic comes from many places at once. That distribution makes the attack harder to stop than a single abusive connection.

DDoS traffic may come from botnets, compromised servers, cloud resources, reflection techniques, or rented attack infrastructure. The traffic can target network bandwidth, application resources, DNS, login pages, APIs, or specific business workflows.

The attack may look like a sudden traffic spike, slow pages, timeout errors, unavailable applications, or exhausted infrastructure. For customers, the experience is simple: the service does not work when they expect it to.

For organizations, DDoS risk is partly technical and partly operational. Even if no data is stolen, downtime can affect revenue, customer trust, support teams, service commitments, and incident response capacity.

How DDoS Attacks Work

DDoS attacks overwhelm a target by consuming resources faster than they can be handled.

  1. The attacker selects a target. The target may be a website, login portal, API, DNS service, application, or network connection.
  2. Traffic sources are gathered. Botnets, compromised systems, reflection services, or rented infrastructure may be used.
  3. Traffic is sent at scale. Requests, packets, or connection attempts flood the target.
  4. Resources become exhausted. Bandwidth, servers, databases, firewalls, load balancers, or application threads may struggle.
  5. Real users lose access. Customers or employees see slow performance, errors, failed logins, or full outages.

Common DDoS Attack Examples

DDoS attacks can target different layers of a service.

  • Website flood: Large volumes of requests make a public website slow or unreachable.
  • Login page attack: Attack traffic targets authentication pages so users cannot sign in.
  • DNS attack: Traffic overwhelms the DNS services needed to find the site.
  • Application-layer attack: Requests are crafted to consume expensive application or database resources.
  • Extortion threat: An attacker threatens a DDoS attack unless the organization pays.

Why DDoS Attacks Matter

Availability is part of security. If users cannot access a portal, customer system, or business application, the organization still has a security and operations problem.

DDoS attacks can create direct revenue loss, support spikes, service-level issues, customer frustration, and reputational damage. They can also distract security teams while another attack is happening elsewhere.

Preparation is easier before an outage. DDoS response often depends on provider relationships, traffic filtering, architecture choices, and escalation contacts that should be ready before the first large traffic wave arrives.

How to Reduce DDoS Risk

DDoS defense is about resilience, monitoring, and response coordination.

  • Use DDoS protection services. Cloud, CDN, hosting, and network providers may offer filtering and traffic absorption.
  • Monitor traffic patterns. Baselines make it easier to spot abnormal spikes, unusual sources, and targeted endpoints.
  • Design for resilience. Load balancing, scaling, caching, and redundancy can reduce single points of failure.
  • Prepare escalation paths. Know who to call at hosting, DNS, CDN, network, and application providers during an attack.
  • Protect critical workflows. Login, payment, support, and customer portals may need extra rate limiting and traffic controls.
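The monitoring point above can be made concrete with a per-endpoint baseline. This is an added example, not part of the original glossary page: it learns a request-rate baseline for each endpoint, then flags minutes that exceed it and reports how many distinct sources were involved. The event tuples, the documentation-range IP addresses, and the threshold of 4 standard deviations are constructed assumptions.

```python
import statistics
from collections import defaultdict

def build_sample():
    """Constructed (minute, source_ip, endpoint) events standing in for parsed access logs."""
    events = []
    for minute in range(10):  # minutes 0-9: normal traffic from a few known clients
        events += [(minute, f"198.51.100.{i % 8}", "/") for i in range(20 + minute % 3)]
        events += [(minute, f"198.51.100.{i % 4}", "/login") for i in range(5 + minute % 2)]
    # minute 10: "/" stays normal while /login is hit from 200 distinct sources
    events += [(10, f"198.51.100.{i % 8}", "/") for i in range(21)]
    events += [(10, f"203.0.113.{i % 200}", "/login") for i in range(400)]
    return events

def summarize(events):
    """Return {endpoint: {minute: (request_count, distinct_source_count)}}."""
    counts = defaultdict(lambda: defaultdict(int))
    sources = defaultdict(lambda: defaultdict(set))
    for minute, ip, endpoint in events:
        counts[endpoint][minute] += 1
        sources[endpoint][minute].add(ip)
    return {ep: {m: (n, len(sources[ep][m])) for m, n in mins.items()}
            for ep, mins in counts.items()}

def find_anomalies(events, baseline_minutes, threshold=4.0):
    """Flag minutes whose request count exceeds baseline mean + threshold * stdev."""
    alerts = []
    for endpoint, per_minute in summarize(events).items():
        base = [per_minute.get(m, (0, 0)) for m in baseline_minutes]
        reqs = [n for n, _ in base]
        mean = statistics.mean(reqs)
        stdev = statistics.pstdev(reqs) or 1.0  # avoid a zero-width band
        for minute, (requests, distinct) in sorted(per_minute.items()):
            if minute not in baseline_minutes and requests > mean + threshold * stdev:
                alerts.append({
                    "endpoint": endpoint, "minute": minute, "requests": requests,
                    "baseline_mean": round(mean, 1),
                    "distinct_sources": distinct,
                    "baseline_max_sources": max(s for _, s in base),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_sample(), baseline_minutes=range(10)):
        print(alert)
```

Only `/login` at minute 10 is flagged, and the jump in distinct sources alongside the request count is what separates a distributed flood from a single abusive client.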

What to Do During a DDoS Attack

Response should focus on traffic filtering, business communication, and checking for secondary attacks.

  1. Activate the incident plan. Bring together infrastructure, security, support, communications, and provider contacts.
  2. Confirm the target and pattern. Identify affected services, traffic types, source patterns, and business impact.
  3. Escalate to providers. DDoS mitigation often requires upstream filtering or capacity support.
  4. Watch for secondary activity. Attackers may use disruption as cover for phishing, fraud, or intrusion attempts.

Related Distributed Denial-of-Service (DDoS) Attack Terms

These related terms cover the compromised devices behind many DDoS attacks and the security signals that help teams prepare.

  • Botnets explains the infected device networks often used to generate attack traffic.
  • Threat Intelligence covers signals that can help teams prepare for active threats.

Distributed Denial-of-Service (DDoS) Attack Takeaway

A DDoS attack is a reminder that security also means keeping services available. The attacker may not need to break into the system to cause business damage.

The best results usually come from preparation: resilient architecture, monitoring, provider relationships, and a response plan that can move quickly under pressure.

FAQ

Questions Teams Ask About DDoS Attacks

Quick answers about traffic floods, botnets, business disruption, and DDoS preparation.

What is a DDoS attack?

A distributed denial-of-service attack floods a website, application, network, or service with traffic from many sources to make it slow or unavailable.

Why is it called distributed?

The traffic comes from many devices, networks, or locations instead of one obvious source, which makes blocking the attack harder.

Are botnets used in DDoS attacks?

Yes. Botnets are commonly used to send large volumes of coordinated traffic from compromised devices.

How can businesses prepare for DDoS attacks?

Use DDoS protection, resilient hosting, traffic monitoring, rate limiting, incident response plans, and provider escalation paths.