What Is DDoS? Exploring Types, Mechanisms, and Prevention

What is DDoS?

DDoS attacks are attempts by attackers to exhaust the resources of a network, application, or service so that legitimate users cannot access them. They are generated by a botnet of compromised computers or voluntarily participating client machines that aim to drain specific network, website, or service resources.

DDoS attacks come in various forms, including flood attacks that rely on massive traffic or sessions (e.g., TCP SYN, ICMP, UDP floods) and more advanced application‑layer techniques such as Slowloris or KillApache.

According to Kaspersky's Q2 2011 DDoS report, HTTP flood attacks—an application‑layer method—were the most common, indicating a shift from traditional high‑volume attacks to sophisticated application‑layer assaults.

Large‑Volume Attacks

Large‑volume attacks overwhelm network bandwidth and infrastructure by flooding them with massive traffic, exhausting capacity and rendering the network inaccessible. Examples include ICMP, fragment, and UDP floods.

TCP State Exhaustion Attacks

TCP state exhaustion attacks aim to fill the connection state tables of infrastructure components such as load balancers, firewalls, and application servers. Devices must track each packet’s connection state, and attacks like Sockstress open numerous sockets to overflow these tables, crippling the devices.

Application‑Layer Attacks

Application‑layer attacks use sophisticated mechanisms that target specific applications or services, consuming resources slowly rather than flooding the network. Because the traffic may appear legitimate, these attacks are harder to detect. Examples include HTTP floods, DNS amplification, and Slowloris.