Attacks & Threats
Distributed Denial-of-Service (DDoS) Attack
Also known as: DDoS
Definition
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
Examples
- A 1.5 Tbps Mirai-style botnet floods a DNS provider with UDP traffic, knocking dependent sites offline.
- An HTTP/2 "Rapid Reset" flood from thousands of clients exhausts a load balancer's CPU.
Related terms
Denial-of-Service (DoS) Attack
An attack that exhausts a system's bandwidth, compute, memory, or application resources so that legitimate users can no longer access the service.
DDoS Amplification
A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, allowing attackers with little bandwidth of their own to generate massive flood volumes.
DNS Amplification Attack
A reflection DDoS attack that abuses open DNS resolvers by sending small queries that carry the victim's IP address as a spoofed source, causing resolvers to send large DNS responses to the victim.
NTP Amplification Attack
A reflection DDoS attack abusing the NTP MONLIST (and similar) commands to make NTP servers reply with very large packets to a spoofed victim address.
SYN Flood
A TCP-based denial-of-service attack that sends many SYN packets without completing the three-way handshake, exhausting the target's connection-state resources.
Botnet
A network of internet-connected devices infected with malware and remotely controlled by an attacker to perform coordinated activities.