
What Is a DDoS Attack?

A DDoS attack (Distributed Denial-of-Service attack) overwhelms a target with traffic from many compromised machines at once, until it can't serve legitimate users.

How it works

Attackers control a botnet of thousands of compromised devices and direct them all to flood a target simultaneously. The sheer volume exhausts the target's bandwidth, connections or processing, so legitimate requests can't get through. "Distributed" is the key: because the traffic comes from thousands of sources, it's far harder to block than a single-source DoS.

Why it matters

A DDoS attack targets the Availability pillar of the CIA triad and is a constant threat that SOC teams monitor for. Defences include traffic scrubbing services, rate limiting and upstream filtering. Recognising DDoS traffic patterns is core CyberOps knowledge.
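
The single-source versus distributed distinction shows up directly in traffic counts. The following is an added example, not part of the original page: it buckets constructed (timestamp, source IP) records into time windows and shows that a per-IP rate limit trims a single-source flood but lets a distributed one through untouched. The window size, thresholds and sample addresses are assumptions chosen for illustration.

```python
from collections import Counter

WINDOW = 10         # seconds per bucket (assumed)
VOLUME_LIMIT = 100  # requests per window treated as a flood (assumed)
PER_IP_LIMIT = 20   # requests per source per window a rate limiter allows (assumed)
DOMINANCE = 0.5     # traffic share from one source that marks a single-source DoS

def classify_windows(events):
    """events: iterable of (unix_ts, src_ip). Returns {window_start: summary}."""
    buckets = {}
    for ts, ip in events:
        buckets.setdefault(ts - ts % WINDOW, Counter())[ip] += 1
    report = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        top_ip, top_count = per_ip.most_common(1)[0]
        # Requests that still reach the server with a per-IP rate limit in place.
        passed = sum(min(n, PER_IP_LIMIT) for n in per_ip.values())
        if total <= VOLUME_LIMIT:
            verdict = "normal"
        elif top_count / total >= DOMINANCE:
            verdict = "dos"    # one source dominates: blocking it is enough
        else:
            verdict = "ddos"   # high volume, no dominant source
        report[start] = {"verdict": verdict, "total": total,
                         "sources": len(per_ip), "top_source": top_ip,
                         "after_per_ip_limit": passed}
    return report

def sample_events():
    """Constructed traffic using documentation address ranges (not real data)."""
    baseline = [(i % 10, f"198.51.100.{i % 30 + 1}") for i in range(60)]
    events = list(baseline)                                   # window 0: normal load
    events += [(10 + t, ip) for t, ip in baseline]            # window 10: same clients
    events += [(10 + i % 10, "203.0.113.7") for i in range(400)]   # plus one flooder
    events += [(20 + i % 10, f"192.0.2.{i % 200 + 1}")        # window 20: 200 sources,
               for i in range(1000)]                          # 5 requests each
    return events

if __name__ == "__main__":
    for start, row in classify_windows(sample_events()).items():
        print(start, row)
```

In the distributed window every source stays under the per-IP limit, so all 1000 requests pass; this is why the defences named above rely on scrubbing and upstream filtering rather than per-address limits alone.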

Frequently asked questions

What is a DDoS attack?

A Distributed Denial-of-Service attack floods a target with traffic from many compromised machines at once, exhausting its resources so legitimate users can't connect.

What is the difference between DoS and DDoS?

DoS comes from a single source; DDoS comes from many distributed sources (a botnet), making it far harder to block by filtering one address.

How are DDoS attacks mitigated?

Through traffic-scrubbing services, rate limiting, upstream provider filtering, and architectures that absorb or distribute the load.

Vipul Sir — Lead Instructor, Attila Technologies. 20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.
