Get Started
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get Started
Cybersecurity 101 / Threat Intelligence / Distributed Denial of Service (DDoS)

What is DDoS (Distributed Denial of Service) Attack?

Distributed Denial of Service (DDoS) attacks overwhelm systems with traffic. Learn how to protect your organization from these disruptive threats.
By SentinelOne Updated: July 23, 2025

Distributed Denial of Service (DDoS) attacks overwhelm a target’s resources, causing disruptions. This guide explores how DDoS attacks work, their potential impacts, and effective mitigation strategies.

Learn about the importance of DDoS protection solutions and incident response planning. Understanding DDoS attacks is crucial for organizations to maintain network availability.

Distributed Denial Of Service - Featured Images | SentinelOne

What May Cause a Distributed Denial of Service (DDoS)?

A distributed denial of service (DDoS) attack is caused by an attacker who uses multiple systems, often a botnet, to send high traffic or requests to a targeted network or system. This can be achieved through a variety of methods, such as:

  1. Flooding the targeted system with traffic from multiple sources: In this attack, the attacker uses multiple systems to send traffic to the targeted network or system, overwhelming it and making it unavailable to legitimate users.
  2. Exploiting vulnerabilities in software or hardware: The attacker can exploit vulnerabilities in software or hardware to cause the targeted system to crash or become unavailable.
  3. Overwhelming the system with legitimate requests: The attacker can send a high volume of legitimate requests to the targeted system, overwhelming it and making it unavailable to legitimate users.

These attacks can be difficult to detect and prevent, as they may not necessarily involve malicious or unauthorized activity. However, they can cause significant disruption and damage to the targeted network or system and have serious financial and legal consequences for the organization.

What Types of Distributed Denial of Service (DDoS) Attacks?

Distributed denial of service (DDoS) attacks are often used as a smokescreen or distraction to hide other cyber attacks. For example, while a DDoS attack is underway, the attacker may use other tactics, such as malware or ransomware, to gain access to the targeted system or network. This can make it difficult for organizations to detect and respond to the attack, as they may be focused on the DDoS attack and not realize that another malicious activity is occurring.

As DDoS attacks become more sophisticated and effective, they may evolve to incorporate other cyber attacks. For example, attackers may use a DDoS attack to overwhelm the targeted system or network and then use malware or ransomware to compromise the system, steal sensitive data, or disrupt operations. In this way, a DDoS attack can serve as a stepping stone to other cyber attacks, making it even more dangerous and difficult to defend against.

There are several different types of distributed denial of service (DDoS) attacks, including:

  1. Network-layer attack: This type of attack involves overwhelming the targeted network or system with traffic from multiple sources, such as by flooding it with packets.
  2. Application-layer attack: This type of attack involves exploiting vulnerabilities in an application or service, such as a web server, to cause it to crash or become unresponsive.
  3. Protocol attack: This type of attack involves exploiting vulnerabilities in network protocols, such as TCP or UDP, to cause the targeted system to crash or become unresponsive.
  4. Amplification attack: This type of attack involves using a reflection technique, such as DNS amplification, to amplify the volume of traffic sent to the targeted system.
  5. Hybrid attack: This type of attack combines multiple attack vectors, such as network-layer and application-layer attacks, to create a more complex and effective attack.

These are just a few examples of the many types of DDoS attacks that can be used to disrupt the availability of a network or system. To protect against these threats, organizations can implement security controls and practices, such as firewalls, intrusion detection and prevention systems, and regular updates and patches.

What are Some Examples of Distributed Denial of Service (DDoS) Attacks?

There have been several high-profile distributed denial of service (DDoS) attacks in recent years, including:

  1. Mirai botnet attack (2016): This attack targeted the Krebs on Security website and other major websites, using a botnet of Internet of Things (IoT) devices to generate a high traffic volume.
  2. Dyn DNS provider attack (2016): This attack disrupted access to major websites such as Twitter and Netflix, using a botnet of compromised devices to generate a high traffic volume.
  3. GitHub attack (2018): This attack targeted the GitHub website, using a botnet of compromised devices to generate a traffic volume of 1.3 terabits per second, the largest DDoS attack recorded at the time.
  4. Cloudflare attack (2022): This attack targeted the Cloudflare content delivery network (CDN), using a botnet of compromised devices to generate a traffic volume of 1.7 terabits per second, the largest DDoS attack recorded to date.

These examples illustrate the potential impact and scale of DDoS attacks and the need for organizations to implement effective security controls and practices to protect against these threats.

What is the Difference Between DoS and DDoS Attacks?

The main difference between a denial of service (DoS) attack and a distributed denial of service (DDoS) attack is the number of systems involved. In a DoS attack, the attacker uses a single system to send high traffic or requests to a targeted network or system, overwhelming it and making it unavailable to legitimate users. In a DDoS attack, the attacker uses multiple systems, often called a botnet, to send a high volume of traffic or requests to the targeted network or system, overwhelming it and making it unavailable. This makes a DDoS attack more difficult to detect and prevent, as the traffic appears to be coming from multiple legitimate sources. To protect against both types of attacks, organizations can implement security controls, such as firewalls and intrusion detection and prevention systems, regularly update software and provide employee training on cybersecurity best practices.

How to Stay Safe from Distributed Denial of Service (DDoS) attacks?

To stay safe from distributed denial of service (DDoS) attacks, organizations can implement the following security controls and practices:

  1. Firewalls and intrusion detection and prevention systems: These can be used to block or filter incoming traffic, and to detect and prevent potential DDoS attacks.
  2. Load balancers and content delivery networks (CDNs): These can be used to distribute incoming traffic across multiple servers, reducing the impact of a DDoS attack on any single server.
  3. DDoS protection services: Organizations can use specialized DDoS protection services to monitor incoming traffic and block or filter malicious traffic before it reaches the targeted system.
  4. Regular updates and patches: Keeping software and operating systems up to date with the latest patches and updates can help to prevent attackers from exploiting known vulnerabilities.
  5. Employee training and awareness: Providing employees with training and awareness programs can help to educate them on the risks and consequences of DDoS attacks, and how to identify and avoid potential threats.

By implementing these measures and regularly reviewing and updating them as needed, organizations can reduce their risk of being impacted by a DDoS attack and maintain the availability of their systems and networks.

Conclusion

There is still much unknown about distributed denial of service (DDoS) attacks. For example, the exact number of DDoS attacks that occur each year is difficult to determine, as many attacks go unreported or are not detected. In addition, the motivations and origins of DDoS attacks can be difficult to determine, as attackers often use sophisticated techniques to hide their identities and locations.

Another area of uncertainty is the future evolution of DDoS attacks. As technology and the internet continue to evolve, new attack vectors and methods will likely emerge, making detecting and preventing DDoS attacks more challenging. In addition, using artificial intelligence and machine learning in DDoS attacks is a growing concern, as these technologies could be used to make attacks more effective and harder to defend against.

Overall, the constantly changing nature of DDoS attacks makes it difficult to predict their future evolution and impacts, and organizations need to be prepared to adapt and respond to new threats as they emerge.

Distributed Denial Of Service FAQs

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack overwhelms a target—such as a website or network—with traffic from many compromised computers. Attackers control a network of infected devices, called a botnet, to flood servers with requests. When legitimate users try to connect, they find the service slow or completely unavailable.

You can think of it like thousands of people crowding a store entrance at once, blocking real customers.

How Does a DDoS Attack Differ from a DoS Attack?

A Denial of Service (DoS) attack comes from a single machine or location, while a DDoS attack uses many distributed devices. With a DoS, an attacker needs enough bandwidth or power in one place to flood the target.

In a DDoS, the attacker harnesses the combined resources of multiple hosts, making it harder to block and trace. The result is often a larger volume of traffic.

How Does a DDoS Attack Work?

Attackers infect devices—computers, routers, even IoT gadgets—with malware to build a botnet. Then, they send a command to all bots to request the target’s address. The bots then flood the target with connection attempts or data packets.

This flood consumes the server’s bandwidth, CPU, or memory, causing slowdowns or crashes. Victims see errors, timeouts, or an inaccessible service.

What are the Common Types of DDoS Attacks?

Volume-based attacks blast the target with massive data traffic, measured in gigabits per second. Protocol attacks exploit weaknesses in network protocols, like TCP SYN floods that tie up server resources. Application-layer attacks send seemingly valid requests—such as HTTP GET floods—to exhaust web servers. Each focuses on a different layer of the network stack, but all aim to disrupt normal operations.

How can Organizations Detect a DDoS Attack in Progress?

Watch for sudden spikes in traffic or unusual patterns, like thousands of requests from the same IP range or rapid bursts of small packets. Network tools and firewalls can flag abnormal volumes or protocol errors. Slow website performance and repeated connection timeouts are red flags.

You should set up alerts on bandwidth thresholds and analyze logs for traffic anomalies to catch an attack early.

What Mitigation Techniques are used to Counter DDoS Attacks?

Organizations route traffic through scrubbing centers or DDoS-aware CDNs that filter out malicious requests. Rate limiting and IP reputation blocks throttle suspicious sources. Firewalls and intrusion prevention systems can drop packets matching attack signatures. For large assaults, traffic can be rerouted to cloud-based DDoS protection services that absorb the flood before it hits your network.

Discover More About Threat Intelligence

Threat Intelligence

What is the MITRE ATT&CK Framework?

The MITRE ATT&CK framework provides a comprehensive view of adversary tactics. Learn how to utilize it for enhancing your security measures.

Read More

Threat Intelligence

What is Threat Hunting?

Threat hunting proactively identifies security threats. Learn effective strategies for conducting threat hunting in your organization.

Read More

Threat Intelligence

What is Cyber Threat Intelligence?

Cyber threat intelligence (CTI) helps organizations predict, understand, and defend against cyber threats, enabling proactive protection and reducing the impact of attacks. Learn how CTI enhances cybersecurity.

Read More

Threat Intelligence

What is an Advanced Persistent Threat (APT)?

Advanced Persistent Threats (APTs) pose long-term risks. Understand the tactics used by APTs and how to defend against them effectively.

Read More

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo