DDoS Attack

A Distributed Denial of Service (DDoS) attack is a coordinated attempt to make an online service, network, or system unavailable by overwhelming it with traffic or requests from multiple compromised sources.

Expanded Explanation

1. Technical Function and Core Characteristics

A DDoS attack uses multiple distributed systems, often part of a botnet of compromised devices, to send large volumes of traffic or protocol requests to a target. The goal is to exhaust network bandwidth, server resources, or application capacity so that legitimate users cannot access the service.

DDoS attacks use different vectors, including network-layer floods such as User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) floods, transport-layer attacks such as SYN floods, and application-layer attacks such as Hypertext Transfer Protocol (HTTP) GET or Domain Name System (DNS) query floods. Adversaries may combine vectors in multi-vector attacks to complicate detection and mitigation.

2. Enterprise Usage and Architectural Context

Enterprises address DDoS attacks within broader cyber defense and business continuity architectures. Security and infrastructure teams implement layered controls at the network edge, in data centers, and in cloud environments, often integrating on-premises (on-prem) appliances with cloud-based scrubbing services.

Architectures may use traffic monitoring, rate limiting, blackholing or sinkholing, and rerouting of suspicious traffic to scrubbing centers that filter malicious packets before forwarding clean traffic. Organizations incorporate DDoS response procedures into incident response plans and service-level objectives for availability and resilience.

3. Related or Adjacent Technologies

DDoS defense relates to firewalls, intrusion detection and prevention systems, web application firewalls, and content delivery networks that distribute load and absorb traffic. Border Gateway Protocol (BGP) routing controls and anycast addressing also contribute to distributing and managing attack traffic.

Security Information and Event Management (SIEM) platforms and network telemetry tools provide visibility into anomalous traffic patterns that indicate DDoS activity. Threat intelligence services supply data on botnets, attack trends, and malicious infrastructure that support detection and preemptive controls.
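As an added illustration (not code from this page), the two checks behind the traffic monitoring and rate limiting described above, run over constructed access-log lines: a per-source threshold that catches a single flooding host, and an aggregate surge check that catches the distributed case, where many sources each stay under the per-IP limit. The log format, IP ranges and thresholds are assumptions chosen for the example.

```python
from collections import Counter, defaultdict

# Constructed sample log lines (not from the page): "<epoch-second> <source-ip> <request-path>".
SAMPLE_LOG = []
for t in range(100, 110):                      # 10 s of normal traffic: 3 clients, 3 req/s total
    for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        SAMPLE_LOG.append(f"{t} {ip} /index.html")
for t in range(110, 113):                      # 3 s of a distributed flood: 40 sources, 1 req/s each
    for n in range(40):
        SAMPLE_LOG.append(f"{t} 203.0.113.{n + 1} /login")
SAMPLE_LOG += ["113 192.0.2.9 /login"] * 25    # 1 s of a single-host flood


def parse(line):
    ts, src, path = line.split()
    return int(ts), src, path


def detect(lines, window=1, baseline_rps=3.0, surge_factor=5.0, per_source_max=20):
    """Return (window_start, kind, detail) findings from two complementary checks:
    - per_source: one source alone sends more than per_source_max requests in a window;
    - distributed: total rate exceeds surge_factor x baseline while no single source
      dominates, the signature of many low-rate bots that per-IP limits would miss
      (the signal for diverting traffic to scrubbing rather than blocking one IP)."""
    buckets = defaultdict(Counter)              # window start -> Counter(src -> requests)
    for ts, src, _ in map(parse, lines):
        buckets[ts - ts % window][src] += 1
    findings = []
    for start in sorted(buckets):
        per_src = buckets[start]
        total = sum(per_src.values())
        top_src, top_n = per_src.most_common(1)[0]
        if top_n > per_source_max:
            findings.append((start, "per_source", top_src))
        elif total > surge_factor * baseline_rps * window and top_n / total < 0.25:
            findings.append((start, "distributed", f"{len(per_src)} sources, {total} req"))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The baseline and surge factor would normally come from observed traffic history rather than constants, and the findings would feed a SIEM alert or an automated diversion to a scrubbing service.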

4. Business and Operational Significance

DDoS attacks affect service availability, customer access, and digital business operations. For enterprises that depend on online services, interruptions can affect revenue, contractual commitments, Service Level Agreements (SLAs), and regulatory or compliance obligations related to availability and resilience.

Security leaders, enterprise architects, and operations teams use DDoS risk assessments, tabletop exercises, and capacity planning to determine appropriate protections and response capabilities. This includes selecting mitigation providers, defining escalation paths, and aligning DDoS defense with overall cyber risk management.