
What is DDoS (Distributed Denial of Service) Attack?

Distributed Denial of Service (DDoS) attacks overwhelm systems with traffic. Learn how to protect your organization from these disruptive threats.

Author: SentinelOne
Updated: July 25, 2025

Distributed Denial of Service (DDoS) attacks overwhelm a target’s resources, causing disruptions. This guide explores how DDoS attacks work, their potential impacts, and effective mitigation strategies.

Learn about the importance of DDoS protection solutions and incident response planning. Understanding DDoS attacks is crucial for organizations to maintain network availability.


What May Cause a Distributed Denial of Service (DDoS)?

A distributed denial of service (DDoS) attack is caused by an attacker who uses multiple systems, often a botnet, to send a high volume of traffic or requests to a targeted network or system. This can be achieved through a variety of methods, such as:

  1. Flooding the targeted system with traffic from multiple sources: In this attack, the attacker uses multiple systems to send traffic to the targeted network or system, overwhelming it and making it unavailable to legitimate users.
  2. Exploiting vulnerabilities in software or hardware: The attacker can exploit vulnerabilities in software or hardware to cause the targeted system to crash or become unavailable.
  3. Overwhelming the system with legitimate requests: The attacker can send a high volume of legitimate requests to the targeted system, overwhelming it and making it unavailable to legitimate users.

These attacks can be difficult to detect and prevent, as they may not necessarily involve malicious or unauthorized activity. However, they can cause significant disruption and damage to the targeted network or system and have serious financial and legal consequences for the organization.

What Are the Types of Distributed Denial of Service (DDoS) Attacks?

Distributed denial of service (DDoS) attacks are often used as a smokescreen or distraction to hide other cyber attacks. For example, while a DDoS attack is underway, the attacker may use other tactics, such as malware or ransomware, to gain access to the targeted system or network. This can make it difficult for organizations to detect and respond to the attack, as they may be focused on the DDoS attack and not realize that another malicious activity is occurring.

As DDoS attacks become more sophisticated and effective, they may evolve to incorporate other cyber attacks. For example, attackers may use a DDoS attack to overwhelm the targeted system or network and then use malware or ransomware to compromise the system, steal sensitive data, or disrupt operations. In this way, a DDoS attack can serve as a stepping stone to other cyber attacks, making it even more dangerous and difficult to defend against.

There are several different types of distributed denial of service (DDoS) attacks, including:

  1. Network-layer attack: This type of attack involves overwhelming the targeted network or system with traffic from multiple sources, such as by flooding it with packets.
  2. Application-layer attack: This type of attack involves exploiting vulnerabilities in an application or service, such as a web server, to cause it to crash or become unresponsive.
  3. Protocol attack: This type of attack involves exploiting vulnerabilities in network protocols, such as TCP or UDP, to cause the targeted system to crash or become unresponsive.
  4. Amplification attack: This type of attack involves using a reflection technique, such as DNS amplification, to amplify the volume of traffic sent to the targeted system.
  5. Hybrid attack: This type of attack combines multiple attack vectors, such as network-layer and application-layer attacks, to create a more complex and effective attack.

These are just a few examples of the many types of DDoS attacks that can be used to disrupt the availability of a network or system. To protect against these threats, organizations can implement security controls and practices, such as firewalls, intrusion detection and prevention systems, and regular updates and patches.

What are Some Examples of Distributed Denial of Service (DDoS) Attacks?

There have been several high-profile distributed denial of service (DDoS) attacks in recent years, including:

  1. Mirai botnet attack (2016): This attack targeted the Krebs on Security website and other major websites, using a botnet of Internet of Things (IoT) devices to generate a high traffic volume.
  2. Dyn DNS provider attack (2016): This attack disrupted access to major websites such as Twitter and Netflix, using a botnet of compromised devices to generate a high traffic volume.
  3. GitHub attack (2018): This attack targeted the GitHub website, using a botnet of compromised devices to generate a traffic volume of 1.3 terabits per second, the largest DDoS attack recorded at the time.
  4. Cloudflare attack (2022): This attack targeted the Cloudflare content delivery network (CDN), using a botnet of compromised devices to generate a traffic volume of 1.7 terabits per second, the largest DDoS attack recorded to date.

These examples illustrate the potential impact and scale of DDoS attacks and the need for organizations to implement effective security controls and practices to protect against these threats.

What is the Difference Between DoS and DDoS Attacks?

The main difference between a denial of service (DoS) attack and a distributed denial of service (DDoS) attack is the number of systems involved. In a DoS attack, the attacker uses a single system to send a high volume of traffic or requests to a targeted network or system, overwhelming it and making it unavailable to legitimate users. In a DDoS attack, the attacker uses multiple systems, often called a botnet, to send a high volume of traffic or requests to the targeted network or system, overwhelming it and making it unavailable. This makes a DDoS attack more difficult to detect and prevent, as the traffic appears to be coming from multiple legitimate sources. To protect against both types of attacks, organizations can implement security controls such as firewalls and intrusion detection and prevention systems, regularly update software, and provide employee training on cybersecurity best practices.

How to Stay Safe from Distributed Denial of Service (DDoS) Attacks?

To stay safe from distributed denial of service (DDoS) attacks, organizations can implement the following security controls and practices:

  1. Firewalls and intrusion detection and prevention systems: These can be used to block or filter incoming traffic, and to detect and prevent potential DDoS attacks.
  2. Load balancers and content delivery networks (CDNs): These can be used to distribute incoming traffic across multiple servers, reducing the impact of a DDoS attack on any single server.
  3. DDoS protection services: Organizations can use specialized DDoS protection services to monitor incoming traffic and block or filter malicious traffic before it reaches the targeted system.
  4. Regular updates and patches: Keeping software and operating systems up to date with the latest patches and updates can help to prevent attackers from exploiting known vulnerabilities.
  5. Employee training and awareness: Providing employees with training and awareness programs can help to educate them on the risks and consequences of DDoS attacks, and how to identify and avoid potential threats.

By implementing these measures and regularly reviewing and updating them as needed, organizations can reduce their risk of being impacted by a DDoS attack and maintain the availability of their systems and networks.


Conclusion

There is still much unknown about distributed denial of service (DDoS) attacks. For example, the exact number of DDoS attacks that occur each year is difficult to determine, as many attacks go unreported or are not detected. In addition, the motivations and origins of DDoS attacks can be difficult to determine, as attackers often use sophisticated techniques to hide their identities and locations.

Another area of uncertainty is the future evolution of DDoS attacks. As technology and the internet continue to evolve, new attack vectors and methods will likely emerge, making DDoS attacks harder to detect and prevent. In addition, the use of artificial intelligence and machine learning in DDoS attacks is a growing concern, as these technologies could be used to make attacks more effective and harder to defend against.

Overall, the constantly changing nature of DDoS attacks makes it difficult to predict their future evolution and impacts, and organizations need to be prepared to adapt and respond to new threats as they emerge.

Distributed Denial Of Service FAQs

A Distributed Denial of Service (DDoS) attack overwhelms a target—such as a website or network—with traffic from many compromised computers. Attackers control a network of infected devices, called a botnet, to flood servers with requests. When legitimate users try to connect, they find the service slow or completely unavailable.

You can think of it like thousands of people crowding a store entrance at once, blocking real customers.

A Denial of Service (DoS) attack comes from a single machine or location, while a DDoS attack uses many distributed devices. With a DoS, an attacker needs enough bandwidth or power in one place to flood the target.

In a DDoS, the attacker harnesses the combined resources of multiple hosts, making it harder to block and trace. The result is often a larger volume of traffic.

Attackers infect devices—computers, routers, even IoT gadgets—with malware to build a botnet. Then, they send a command to all bots to request the target’s address. The bots then flood the target with connection attempts or data packets.

This flood consumes the server’s bandwidth, CPU, or memory, causing slowdowns or crashes. Victims see errors, timeouts, or an inaccessible service.

Volume-based attacks blast the target with massive data traffic, measured in gigabits per second. Protocol attacks exploit weaknesses in network protocols, like TCP SYN floods that tie up server resources. Application-layer attacks send seemingly valid requests—such as HTTP GET floods—to exhaust web servers. Each focuses on a different layer of the network stack, but all aim to disrupt normal operations.

Watch for sudden spikes in traffic or unusual patterns, like thousands of requests from the same IP range or rapid bursts of small packets. Network tools and firewalls can flag abnormal volumes or protocol errors. Slow website performance and repeated connection timeouts are red flags.

You should set up alerts on bandwidth thresholds and analyze logs for traffic anomalies to catch an attack early.
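The log analysis described above can be sketched as follows. This is an added example, not SentinelOne code: the log line format, the function names, the thresholds and the sample data are all assumptions made for illustration. It counts requests per time window, compares each window with the median of earlier quiet windows, and reports whether a spike comes mostly from one IP range or is spread across many.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timezone
from statistics import median

def parse_line(line):
    """Parse '<ISO-8601 time> <source IP> <method> <path> <status>' (constructed format)."""
    ts, ip, _method, _path, status = line.split()
    int(status)  # reject lines whose status field is not numeric
    return datetime.fromisoformat(ts), ipaddress.ip_address(ip)

def source_prefix(ip):
    """Group sources by /24 (IPv4) or /48 (IPv6) so one range is counted together."""
    bits = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

def detect_spikes(lines, window_s=10, factor=5, min_requests=20, share=0.5):
    """Flag windows whose request count exceeds factor x the median of earlier quiet windows."""
    windows = defaultdict(Counter)
    for line in lines:
        try:
            ts, ip = parse_line(line)
        except ValueError:
            continue  # malformed line: skip rather than abort the analysis
        start = int(ts.timestamp()) // window_s * window_s
        windows[start][source_prefix(ip)] += 1
    alerts, history = [], []
    for start in sorted(windows):
        counts = windows[start]
        total = sum(counts.values())
        if len(history) >= 3 and total > max(min_requests, factor * median(history)):
            prefix, hits = counts.most_common(1)[0]
            alerts.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
                "total": total,
                "top_prefix": str(prefix),
                "kind": "concentrated" if hits / total >= share else "distributed",
            })
        else:
            history.append(total)  # only quiet windows feed the baseline
    return alerts

def sample_log():
    """Constructed sample: steady baseline, one same-/24 burst, one distributed burst."""
    def t(sec):
        return f"2025-01-01T12:{sec // 60:02d}:{sec % 60:02d}+00:00"
    lines = []
    for w in range(9):          # nine 10-second windows
        for i in range(5):      # steady background traffic
            lines.append(f"{t(w * 10 + i)} 198.51.100.{10 + i} GET / 200")
    lines += [f"{t(60 + i % 10)} 203.0.113.{i % 200 + 1} GET /search 200" for i in range(120)]
    lines += [f"{t(80 + i % 10)} 100.{64 + i % 64}.{i % 250}.7 GET / 200" for i in range(200)]
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for alert in detect_spikes(sample_log()):
        print(alert)
```

A "concentrated" alert points at a range that can be rate limited or blocked directly; a "distributed" alert has no single dominant range, which is the case where upstream scrubbing is usually needed.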

Organizations route traffic through scrubbing centers or DDoS-aware CDNs that filter out malicious requests. Rate limiting and IP reputation blocks throttle suspicious sources. Firewalls and intrusion prevention systems can drop packets matching attack signatures. For large assaults, traffic can be rerouted to cloud-based DDoS protection services that absorb the flood before it hits your network.
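Rate limiting combined with an IP reputation block, as mentioned above, can look like the following added example (not from the original article or any SentinelOne product; the class name, parameters and addresses are assumptions). Each source gets a token bucket, listed networks are rejected outright, and the per-source table is capped so that a flood of distinct sources cannot exhaust the limiter's own memory.

```python
import ipaddress

class SourceThrottle:
    """Per-source token bucket with a static blocklist (illustrative, hypothetical names)."""

    def __init__(self, rate, burst, blocked_networks=(), max_sources=10000):
        self.rate = float(rate)        # tokens added per second
        self.burst = float(burst)      # bucket capacity
        self.blocked = [ipaddress.ip_network(n) for n in blocked_networks]
        self.max_sources = max_sources
        self.buckets = {}              # source IP -> (tokens, time last seen)

    def allow(self, ip, now):
        """Return True if a request from ip at time now (seconds) may proceed."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.blocked):
            return False               # reputation block: no state is kept
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        if ip not in self.buckets and len(self.buckets) >= self.max_sources:
            # Table full: evict the source seen longest ago (O(n), fine for a sketch).
            oldest = min(self.buckets, key=lambda k: self.buckets[k][1])
            del self.buckets[oldest]
        self.buckets[ip] = (tokens, now)
        return allowed

def replay(throttle, events):
    """Run constructed (time, ip) events through the throttle and return the decisions."""
    return [throttle.allow(ip, now) for now, ip in events]

if __name__ == "__main__":
    th = SourceThrottle(rate=2, burst=5, blocked_networks=["192.0.2.0/24"])
    burst = [(0.0, "198.51.100.7")] * 10      # constructed burst from one source
    print(replay(th, burst))                   # five allowed, then five denied
    print(th.allow("192.0.2.9", 0.0))          # blocked network
```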
