How Does a DDoS Attack Work?
A DDoS attack works by having several different IP addresses target the same platform at the same time, which can overwhelm the server in question and bring it down.
Often, this attack is carried out by what’s known as a “botnet.” A botnet refers to a collection of devices that have been infected with malware, meaning they can be controlled remotely by a single perpetrator. On other occasions, DDoS is executed by several different actors at the same time.
To make matters more complicated, there are a few different types of DDoS attack, which I’ll cover in the section below.
Amplification attacks
In this type of attack, the malicious actors send requests to a domain name system (DNS) server with the source IP address spoofed to that of the target. The server sends its responses to the spoofed address, so the target is inundated with a large volume of unsolicited responses, which brings down the target server.
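A defender-side illustration of the pattern described above, added here and not part of the original article: it matches inbound DNS responses against the queries a host actually sent and flags hosts receiving unmatched responses from several resolvers. The packet tuples, addresses (documentation ranges), thresholds and function names are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample packets (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_txid, size_bytes)
# 192.0.2.x are hypothetical protected hosts; all addresses are documentation ranges.
PACKETS = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, 60),   # genuine query
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 120),  # its answer
    (1.00, "203.0.113.5", 53, "192.0.2.10", 31337, 0x0001, 3000),   # never requested
    (1.01, "203.0.113.6", 53, "192.0.2.10", 31337, 0x0001, 3000),
    (1.02, "203.0.113.7", 53, "192.0.2.10", 31337, 0x0001, 3000),
    (1.03, "203.0.113.5", 53, "192.0.2.10", 31337, 0x0002, 3000),
    (2.00, "192.0.2.20", 40002, "198.51.100.53", 53, 0x3C4D, 60),   # genuine query
    (9.00, "198.51.100.53", 53, "192.0.2.20", 40002, 0x3C4D, 120),  # answer after timeout
]


def find_unsolicited(packets, timeout=5.0):
    """Return per-destination stats for DNS responses with no matching query."""
    pending = {}  # (client_ip, client_port, server_ip, txid) -> time the query left
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "resolvers": set()})
    for ts, src, sport, dst, dport, txid, size in sorted(packets):
        if dport == 53:                      # outbound query: remember it
            pending[(src, sport, dst, txid)] = ts
        elif sport == 53:                    # inbound response: look for its query
            sent = pending.pop((dst, dport, src, txid), None)
            if sent is not None and ts - sent <= timeout:
                continue                     # solicited, ignore
            entry = stats[dst]
            entry["responses"] += 1
            entry["bytes"] += size
            entry["resolvers"].add(src)
    return stats


def flag_targets(stats, min_responses=3, min_resolvers=2):
    """Hosts hit by many unmatched responses from several distinct resolvers."""
    return sorted(
        ip for ip, s in stats.items()
        if s["responses"] >= min_responses and len(s["resolvers"]) >= min_resolvers
    )


if __name__ == "__main__":
    result = find_unsolicited(PACKETS)
    for host in flag_targets(result):
        s = result[host]
        print(host, s["responses"], "responses,", s["bytes"], "bytes,",
              len(s["resolvers"]), "resolvers")
```

The late answer to 192.0.2.20 is counted as unmatched but stays below both thresholds, so only the host receiving the flood is flagged.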
Bandwidth saturation
Networks have a finite bandwidth. Once this has been exceeded, the network is unable to function properly. Attacks of this kind use up this bandwidth by flooding the network with traffic.
Cloud resource exploitation
Cloud resource exploitation refers to attacks that seek to take advantage of cloud computing’s main advantage – its scalability.
Degradation of service
This variation on the DDoS attack doesn’t try to completely knock a server offline. Rather, it hits a server with a moderate volume of spam traffic, which affects the service but remains largely undetected.
DDoS attacks vs DoS attacks
DDoS attacks differ from denial of service (DoS) attacks in that they rely upon several different IP addresses. Because of this, the attack is much harder to pin down and prevent. DoS attacks originate from a single IP address.