DDoS Attack
Threat Intelligence
Definition
Overwhelming target systems with excessive traffic to disrupt service availability.
Technical Details
A Distributed Denial of Service (DDoS) attack occurs when multiple compromised systems, often part of a botnet, are used to flood a target system with a massive volume of traffic, overwhelming its resources and rendering it unable to respond to legitimate requests. This can be executed through various methods such as SYN floods, UDP floods, and HTTP request floods. The attack can target various layers of the OSI model, primarily focusing on the Network layer (Layer 3) and the Application layer (Layer 7). Mitigation strategies may include rate limiting, traffic analysis, and deploying DDoS protection services.
Practical Usage
DDoS attacks are commonly used by malicious actors to disrupt services for businesses, government organizations, and critical infrastructure. Organizations may implement DDoS mitigation solutions to protect their online services. This includes setting up redundant network configurations, utilizing content delivery networks (CDNs) to absorb excess traffic, and employing specialized DDoS protection services that can identify and filter malicious traffic in real time.
Examples
- In 2016, the Dyn DDoS attack targeted the DNS provider Dyn, causing significant disruptions to major websites such as Twitter, Netflix, and Reddit.
- In 2020, a DDoS attack against Google Cloud was reported to have peaked at 2.54 terabits per second, targeting multiple services and showcasing the growing scale of such attacks.
- In September 2017, the website of the UK Parliament was targeted by a DDoS attack that disrupted services for several hours, affecting access to online resources.