What Is a DDoS Attack?
A DDoS attack, short for Distributed Denial-of-Service attack, overwhelms a target with traffic from many compromised machines at once, until it can't serve legitimate users.
How it works
Attackers control a botnet of thousands of compromised devices and direct them all to flood a target simultaneously. The sheer volume exhausts the target's bandwidth, connections or processing, so legitimate requests can't get through. "Distributed" is the key: because the traffic comes from thousands of sources, it is far harder to block than a single-source DoS.
Why it matters
A DDoS attack targets the Availability pillar of the CIA triad and is a constant threat that SOC teams monitor for. Defences include traffic scrubbing services, rate limiting and upstream filtering. Recognising DDoS traffic patterns is core CyberOps knowledge.
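An added example, not part of the original article: a small classifier over one window of request source addresses that separates a single-source DoS from a distributed flood and reports how much traffic still passes a per-source rate limit in each case. The thresholds, function name and sample addresses are constructed assumptions.

```python
from collections import Counter

# Thresholds are illustrative assumptions, not values from the article.
BASELINE_RPS = 50   # assumed normal peak requests/second for the service
PER_IP_LIMIT = 20   # assumed per-source rate limit (requests/second)
SURGE_FACTOR = 5    # total rate this many times baseline counts as a flood


def classify_window(source_ips, window_seconds=1):
    """Classify one time window of request source addresses.

    Returns (label, passed_rps): passed_rps is the request rate that still
    reaches the service after the per-source rate limit is applied.
    """
    counts = Counter(source_ips)
    total = sum(counts.values())
    total_rps = total / window_seconds
    # A per-source limit caps each address independently of the others.
    passed_rps = sum(min(c / window_seconds, PER_IP_LIMIT) for c in counts.values())
    if total_rps < BASELINE_RPS * SURGE_FACTOR:
        return "normal", passed_rps
    top_share = max(counts.values()) / total
    # One address dominating the surge is a DoS; a surge spread thinly
    # across many addresses is the distributed pattern.
    label = "dos-single-source" if top_share >= 0.5 else "ddos-distributed"
    return label, passed_rps


# Constructed sample windows using documentation address ranges, not real traffic.
NORMAL = [f"198.51.100.{i % 40}" for i in range(45)]
DOS = NORMAL + ["203.0.113.7"] * 2000
DDOS = NORMAL + [f"192.0.2.{i % 250}" for i in range(2000)]  # 250 sources, 8 requests each

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        label, passed = classify_window(window)
        print(f"{name:6} -> {label:18} passes per-source limit: {passed:.0f} rps")
```

In the distributed window every source stays under the per-source limit, so the whole flood passes it, which is why the defences listed above also include scrubbing and upstream filtering.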
Frequently asked questions
What is a DDoS attack?
A Distributed Denial-of-Service attack floods a target with traffic from many compromised machines at once, exhausting its resources so legitimate users can't connect.
What is the difference between DoS and DDoS?
DoS comes from a single source; DDoS comes from many distributed sources (a botnet), making it far harder to block by filtering one address.
How are DDoS attacks mitigated?
Through traffic-scrubbing services, rate limiting, upstream provider filtering, and architectures that absorb or distribute the load.