What Is a DDoS Attack in Cyber Security, and How to Protect Against It

M Usman

You watch a lot of news videos, websites, channels, and organizations that talk about security threats. You realize how serious and rapidly increasing these threats are. I have also discussed these threats in detail on my site. But today, I want to talk about a particular threat, which is called a DDoS attack, short for Distributed Denial of Service.

You can think of this threat like this: Imagine you own a business, and suddenly, a huge crowd of people rushes in, making it impossible for you to focus on your real customers. Or, think of it like having a supermarket where you sell everything, from food to toys for kids. Suddenly, there’s such a big crowd that you can’t even notice your real customers, and they can’t even get into your store. This is exactly what happens in a DDoS attack.

It works similarly when you’re running a website. Imagine you’re working on your website and everything is going fine, but then suddenly, an overwhelming amount of fake traffic floods your website, making it impossible for real users to access it. This is how a DDoS attack functions.

You know that DDoS crimes are becoming one of the most common and complicated types of cybercrimes. According to my research, in 2023 and 2024, the number of DDoS crimes reached millions, which is a 35% increase compared to 2022. This is because, as you know, the use of digital devices is increasing a lot, and people rely heavily on them. That’s why in this post, I will explain what DDoS crimes are, what types there are, and how to protect yourself from them.

Let’s get started!

What is a DDoS attack in cyber security?

A diagram illustrating a Distributed Denial-of-Service (DDoS) attack. The image shows an attacker using a controller server to command multiple compromised computers (zombies) to flood a victim's server with excessive traffic, causing it to become unresponsive. Red arrows represent the flow of attack traffic towards the victim.

DDoS is a type of cyber attack that sends a huge amount of traffic to your website, which makes it slow and eventually causes it to shut down. This attack is carried out using different computers and devices that work together to attack the website. The main aim of this attack is to make sure that users can’t access the website or service.

  • To make it clearer, let me give you an example. Between 2022 and 2024, there was a trend in our city where people worked on websites like X Blogs. They would get approval for these sites and then use software to send a lot of traffic to them, making money in dollars and tricking Google. This is a simple example of traffic. DDoS attacks work in a similar way, but the difference is that in DDoS attacks, many computers and mobiles send so much traffic to a website or network that the system becomes slow, gets stuck, and shuts down.

When an attack happens on a popular website, it can cause a lot of damage. For example, if a news website or a government website is attacked, the company doesn’t have full control over it anymore. The attacker gets full control and can do anything they want. This can cause business losses, financial damage, security problems, and harm the website’s reputation.

Types of DDoS Attacks

There are three types of DDoS attacks that are used to affect a network:

  • Volume-Based Attacks
  • Protocol Attacks
  • Application Layer Attacks

1. Volume-Based Attacks

When a hacker attacks a network or a government website, they send so much traffic to that site that the bandwidth gets full. As a result, the website or network slows down, does not work properly, and eventually shuts down.

You might be wondering: what is bandwidth?

Think of bandwidth like speed. Here’s a simple example:
Imagine you are washing your hands or standing near a water tank, filling a bucket. If the pipe is small, the water flow will be slow. If the pipe is big, the water flow will be fast. Bandwidth works in the same way—it controls how much data can flow through a network at one time.

Bandwidth is measured in Mbps (megabits per second) or Gbps (gigabits per second).

  • If your internet speed is 10 Mbps, it is slow.
  • If it is 100 Mbps, it is fast.
  • If it is 1 Gbps, it is very fast.

This is how hackers overload a website’s bandwidth to slow it down or shut it down completely. Such attacks also use Ping Flood, which works by overloading a website or server with ping requests.

A ping is a command that checks whether a website or server is online or not. For example, when you type ping google.com, your computer is basically asking Google, “Are you online?” Google then responds, “Yes, I am online!”

Now, in a Ping Flood Attack, a hacker sends thousands or even millions of ping requests at the same time. The server tries to respond to each ping, but due to the huge number of requests, it gets overloaded. As a result, the server slows down or completely shuts down because it cannot handle the heavy load.

Examples:

  • UDP Floods
  • ICMP Floods (Ping Floods)
  • Amplification Attacks

2. Protocol Attacks

When you are using your system or network, these attacks try to find weaknesses in your protocols like TCP or ICMP. Once they find these weaknesses, they start taking advantage of them. They send a huge number of fake requests to your system. Because of these fake requests, the system’s resources, like CPU and memory, become full.

As you know, when the CPU or memory of a computer or system becomes full, the system becomes very slow and sometimes stops working properly until the memory or CPU is cleared. These attacks take advantage of this situation. As a result, real users cannot reach your system or use your services.

Examples

These are some examples where attackers send too much traffic or too many requests to your system and try to make it weak:

  • SYN Flood
  • Smurf Attack
  • Ping of Death

In all these cases, the goal is to overload your system with fake traffic and slow it down or make it stop working.

3. Application Layer Attacks

From all the research I have done, I think this attack is the smartest, most clever, and most dangerous. This is because many people work on web applications and websites, and hackers mostly target them directly. Big websites, including government websites, are often attacked like this, so that real users cannot reach them, and the website becomes slow or completely shuts down.

You know, these attacks feel like normal activity, and sometimes it becomes very hard to detect them. These attacks use normal-looking requests, and even if the system is strong, it still gets confused and cannot easily tell which request is real and which is fake.

  • Let me give you a real-life example of my friend. My friend has a clothing shop. One day, 20 to 25 women came to his shop to buy clothes. But instead of buying anything, they just kept asking him to show different clothes, opening and checking them. In the end, no one bought anything, and my friend became stressed. He even warned his worker to keep an eye so no one steals anything.

In the same way, during these attacks, too much traffic comes in—so many requests—that the system cannot figure out which one is real and which one is fake. The result is that the system becomes busy or stops working.

The damage from this attack is huge. It can make a website go offline for hours or even days, and it also causes financial loss. People like investors or users who depend on daily updates cannot use the website during this time.

There are also some examples of how they attack.

  • HTTP Floods
  • Slowloris Attack
  • DNS Query Floods

Notable Real-World DDoS Attacks

I’ll give you real-world examples to help you understand how dangerous this attack is and what it can do.

  • GitHub (2018)

While I was doing research, I found out that in 2018, the company GitHub faced the world’s biggest DDoS attack. The attacker sent 1.35 terabits of fake traffic every second to the website, which made GitHub very slow and eventually caused it to shut down. When the company owner found out, they quickly tried to stop the attack to avoid further damage. You might be wondering, what is GitHub? GitHub is a famous website that helps people share and store programs and code. I learned about this during my research from different websites, and now I am sharing it with you.

  • Dyn DNS (2016)

I don’t know if someone has written about this attack in full detail on any website, but I do know that when I was at university in 2016, there were both English and Urdu newspapers available there. One day, I read in the English newspaper about a big DDoS attack in 2016 on a company called Dyn DNS. This attack was done using something called the Mirai botnet. When hackers attacked Dyn DNS, many popular websites that depended on it stopped working too. This was one of the biggest attacks at the time. The websites affected included Twitter, Netflix, and PayPal, which caused a lot of problems for users.

How DDoS Attacks Work

This image shows common cyber attacks like DDoS, password hacking, virus attacks, and ransomware. It highlights the importance of strong protection to secure your systems.

  • Research

A hacker first does deep research on famous websites, computers, mobile phones, and other networks. After studying them, if the hacker finds a way to benefit from an attack, they try to install malware on those devices. Malware is harmful software that can damage or take control of a system. Once the malware is installed successfully, the hacker gains full control of that system through a secret way, called a backdoor. This whole setup is known as a botnet.

  • WiFi hack

In the next step, the hacker does not directly attack the company’s network from their own network because security systems might easily catch them. Instead, the hacker looks for nearby Wi-Fi signals—maybe within 100 or 200 meters—and tries to hack into someone’s Wi-Fi so their real identity stays hidden. Once they hack the Wi-Fi, they connect to it and start controlling different devices.

  • Botnet

Now, with the botnet, the hacker can control those infected devices from far away and prepare them to send fake traffic to a target. You might be wondering: what exactly is a botnet? A botnet is a group of infected devices or networks that the hacker fully controls. Using this, the hacker can send huge amounts of fake traffic to any website and shut it down, even while sitting far away.

  • IoT (Internet of Things)

The weakest systems are usually IoT (Internet of Things) devices, like smart cameras, smart home devices, or security cameras used in homes, on streets, or even near ATMs. These devices are often not very secure and are easy to hack. Hackers use them in DDoS attacks to make them part of the botnet.

Now you can understand how hackers create DDoS attacks and how they use infected devices to carry out these attacks successfully.

How to Protect Against DDoS Attacks

There are some methods that I am going to share with you that you can use to keep your system secure.

A. Proactive Measures (Preventative Security)

  • Use a Web Application Firewall (WAF)

If you are running your own website, using any software, or working as an assistant in a company or organization, then you should install a firewall like AWS WAF or Cloudflare WAF in your system. This firewall helps block harmful traffic and only allows safe and organic traffic to enter.

  • Enable Rate Limiting & Traffic Filtering

You should also enable Rate Limiting and Traffic Filtering. How does this work? Well, there is usually an option for this in your system settings. If not, you will need to set it up manually. You can find its setup guides on different platforms online where you can learn more about how to configure it.

The main job of rate limiting is to allow only a limited number of traffic requests at one time. If too much traffic tries to enter your system at once, this feature blocks the extra requests automatically. This is how it helps protect your system.
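The rate limiting described above can be implemented as a token bucket per client. This Python example is added here for illustration and is not code from this site or from any WAF product; the class names, the choice of source IP as the key, and the limits (a burst of 5, then 1 request per second) are assumptions.

```python
import time
from dataclasses import dataclass


@dataclass
class TokenBucket:
    """One client's allowance: bursts up to `capacity`, refilled at `rate` tokens/second."""
    capacity: float
    rate: float
    tokens: float
    updated: float

    def allow(self, now):
        # Credit tokens for the time since the last request, never above capacity.
        self.tokens = min(self.capacity, self.tokens + max(0.0, now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Per-client limiter; keying on source IP is an assumption of this example."""

    def __init__(self, capacity=5, rate=1.0, idle_ttl=60.0):
        self.capacity, self.rate, self.idle_ttl = capacity, rate, idle_ttl
        self.buckets = {}

    def allow(self, client_ip, now=None):
        now = time.monotonic() if now is None else now
        bucket = self.buckets.setdefault(
            client_ip, TokenBucket(self.capacity, self.rate, self.capacity, now))
        return bucket.allow(now)

    def evict_idle(self, now):
        # Forget clients idle longer than idle_ttl so a flood of new IPs cannot grow the table forever.
        stale = [ip for ip, b in self.buckets.items() if now - b.updated > self.idle_ttl]
        for ip in stale:
            del self.buckets[ip]
        return len(stale)


def simulate():
    """Constructed traffic: one client sends 20 requests in 1 s, another sends 1 request/s."""
    limiter = RateLimiter(capacity=5, rate=1.0)
    flood = [limiter.allow("203.0.113.7", now=i * 0.05) for i in range(20)]
    steady = [limiter.allow("198.51.100.4", now=float(i)) for i in range(5)]
    return flood.count(True), flood.count(False), steady.count(True)
```

The flooding client gets its burst of 5 and is then refused, while the steady client is never blocked because its bucket refills between requests.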

  • Deploy a Content Delivery Network (CDN)

Use a CDN (Content Delivery Network) because it helps divide heavy internet traffic across different servers. This way, no single server gets overloaded, and your website or service keeps working smoothly.

  • Implement Intrusion Detection & Monitoring Tools

Also, use tools like antivirus software. These tools help you detect any suspicious activity on your system early. Once you know there is a problem, you can take quick action to stop it and protect your system.

B. Responding to a DDoS Attack

  • Identify the type of attack

If your system is hit by a DDoS attack, the first thing you should do is find out what type of attack it is. Check if your system is receiving too much traffic (volume attack), if there is a problem with the protocol, or if the attack is happening on the application layer.

  • Contact Your Hosting Provider

Once you identify the type of attack, contact your hosting provider. They will guide you on how to protect your system. If you notice any suspicious or harmful IP addresses causing the attack, block them immediately.

You should also use software that limits the number of requests your system can accept at one time. This will automatically remove or block any extra traffic.
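One way to spot the suspicious IP addresses mentioned above is to count requests per client in a sliding window over the web server's access log. This Python example is added here and is not part of the original post; the log lines are constructed, the function names are hypothetical, and the 10-second window and limit of 20 requests are assumed thresholds.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')


def parse(line):
    """Return (ip, epoch_seconds, path without query string) or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    try:
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    except ValueError:
        return None
    return ip, when, target.split("?", 1)[0]


def noisy_clients(lines, window=10, limit=20):
    """Map each IP whose peak request count in any `window` seconds exceeds `limit`."""
    recent, peak = defaultdict(deque), Counter()
    for ip, ts, _ in filter(None, map(parse, lines)):  # malformed lines are skipped
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}


def path_share(lines):
    """Most requested path and its share of all parsed requests (0..1)."""
    paths = Counter(rec[2] for rec in filter(None, map(parse, lines)))
    path, hits = paths.most_common(1)[0]
    return path, hits / sum(paths.values())


def sample_log():
    """Constructed log: one client sends 30 requests in 10 s, another browses slowly."""
    fmt = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512'
    flood = [fmt.format(ip="203.0.113.7", s=i // 3, p=f"/search?q={i}") for i in range(30)]
    normal = [fmt.format(ip="198.51.100.4", s=s, p=p)
              for s, p in [(1, "/"), (15, "/about"), (30, "/contact"), (45, "/")]]
    return flood + normal + ["garbage line that is not a log entry"]
```

A botnet spreads its requests across many addresses, so per-IP counts can stay under the limit; path_share helps in that case by showing whether most requests target a single path.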

  • Activate Backup Servers

One important thing is to always keep a backup of your system. This way, if something goes wrong, you will have your saved data ready.

  • Block spam comments and traffic

For example, on my own website, I use a tool called Akismet Anti-Spam plugin to block spam comments and traffic. If you are working on a WordPress site, a Blogger site, or managing a company’s website, make sure to install a similar plugin or software to protect the system.

Conclusion

Now you understand how dangerous DDoS attacks can be. They can slow down or even shut down your website, software, or any government or company website by sending too much traffic. This can cause a big financial loss and stop real users from accessing the site. In this post, I also explained how these attacks work and what types there are.

I have shared all my research and experience with you. When I was in university, a similar attack happened in 2016, which I mentioned earlier. That’s why I also gave you some useful tips to protect yourself from heavy traffic and DDoS attacks. Always protect your website, accounts, or applications by using antivirus software. Antivirus protection is important to avoid such problems.

If you have any questions now or in the future, feel free to contact me by email or ask me in the comment box.

FAQ

What is a DDoS attack?

DDoS is a type of cyber attack where a website is flooded with a huge amount of traffic on purpose. This makes the website slow or shuts it down completely so that real visitors cannot access the site.

Why do hackers carry out DDoS attacks?

These attacks usually happen when hackers want to demand money from a big company or agency after attacking them. Sometimes, hackers do this just to show their power to the world or for a specific purpose. These are the two common reasons why such attacks happen.

How can we protect our website from DDoS attacks?

To protect your website from DDoS attacks, you should use DDoS protection tools like firewalls, CDNs (content delivery networks), and antivirus software. These tools will help you stay safe from such threats.

