Digital Security Guide Banner

What Is DDoS?

Our digital security team gives a deep dive into DDoS attacks and how to handle them.

All of our content is written by humans, not robots. Learn More
By
&
Aliza Vigderman
Gabe TurnerChief Editor
Last Updated May 14, 2024
By Aliza Vigderman & Gabe Turner on May 14, 2024

In a world where internet users spend about seven hours a day online, the digital world is as commonplace as the air we breathe.1 As we navigate that world, we run the risk of leaving a long and accessible paper trail of personally identifiable information (PII) in our wake. That’s why it’s important to understand digital security threats.

We recently put together a guide to personal digital security, tapping our combined security expertise to provide a 20,000-foot view of some of the biggest threats out there and how to stay safe. Now it’s time to descend a bit and take a look at DDoS attacks and how they affect our digital safety.

DDoS, or distributed denial of service, attacks are a cybercrime in which a bad actor overwhelms a server with internet traffic, rendering users unable to access internet services and sites. Affected devices can include computers and IoT devices. The attacks are serious and on the rise. Cisco predicted that the total number of DDoS attacks would double from 7.9 million in 2018 to over 15 million in 2023.2

Before we dig deeper into what the attacks are and how to guard against them, let’s start with the types of DDoS attacks.

Did You Know: IoT, or Internet of Things, is a fun umbrella term that refers to all the devices that aren’t your computer but can connect to the internet. Since they connect to the internet, DDoS attacks can affect them as well. That’s why the best smart-home security systems feature DDoS protections.

Types of DDoS Attacks

DDoS attacks come in different forms, but they all have one thing in common: They attack different components of a network connection. Let’s start there, with a quick primer on how network connections are made.

Like a floor plan of a house, there are different layers to a network connection. The OSI, or open systems interconnection, model describes seven layers systems use to communicate via an online network.3 OSI emerged in the early 1980s as the gold standard for major computer and telecom companies. Below is a simple table to lay out the architecture, per the OSI model.

7. Application layer Human-computer interaction layer. This is where applications can access network services.
6. Presentation layer Ensures that data is in a usable format. This is also where data encryption happens.
5. Session layer Controls ports and sessions and maintains connections.
4. Transport layer Transmits data using transmission protocols, which may include transmission control protocol (TCP) or user datagram protocol (UDP). TCP is connection-based; UDP does not involve connections.
3. Network layer Determines which path the data will take.
2. Data link layer Defines the format of the data on the network.
1. Physical layer Transmits raw bit stream over the physical medium.

More on How Data Flows

The OSI Model is not explicitly used in the modern internet, but it offers a simple framework for how data flows. This allows us to troubleshoot issues as they come up, whether it’s one user who can’t get their computer online or Amazon being down for millions of users.

>> Learn More: How to Prevent Being Scammed Online in 2024

Throughout this model, there may be other terms you recognize. The first layer — the application layer — for example, is where we encounter protocols such as HTTP, as well as SMTP (simple mail transfer protocol), which enables email communications. The network layer is where we encounter packets, small units on a sender’s device that are then reassembled on the receiver’s device.

Let’s get back to DDoS and how the attacks can manifest along different rungs of the model — earlier, in the middle, or even at the physical layer.

Where DDoS Attacks Can Crop Up

Recalling our handy-dandy OSI model, DDoS attacks are most common during four layers: network (layer 3), transport (layer 4), presentation (layer 6), and application (layer 7).

The most common DDoS attacks happen at layers three and four, and may include:

  • Synchronized (SYN) floods and attacks such as UDP floods. Think of an SYN flood as a worker in the backroom receiving many requests from the front of the store. Sounds overwhelming, right?
  • Such attacks are usually very large and seek to inundate the capacity of a network or application server.
  • The attacks also have clear signatures and, as a general rule, are easier to detect.

DDoS attacks also happen at layers six and seven. Here’s what to know about those attacks:

  • They are less ubiquitous, but they are usually more devastating.
  • Generally smaller in nature, they target expensive parts of the application, making them unavailable to users. An example of that is an avalanche of HTTP requests to a login page.
  • Another example of a DDoS attack at the application or presentation layers is a WordPress pingback attack, which has impacted the popular content-management system.
  • WordPress has a pingback feature that informs the blog owner when another website links to a page of the WordPress blog. On the flip side, though, the tool can be exploited for discovering computers on a network or for DDoS attacks.

>> Read More: How to Unblock a Website: Step-by-Step Instructions

A Brief History of DDoS Attacks

Remember the old saying, “Those who do not know their history are doomed to repeat it”? That also applies to digital security. Below are a few of the most notable DDoS attacks over the past decades.

  • Perhaps the first instance of a DDoS attack brings us back to the groovy days of the 1970s. Not all was groovy, however, at the Computer-Based Education Research Laboratory (CERL) at the University of Illinois, Urbana-Champaign, in 1974, when a PLATO computer user learned about a new command that could be run on the computer terminals at CERL — effectively locking up the system.4 At the time, PLATO was a premier computerized shared learning system.
  • Other early DDoS attacks include 1996’s attack on Panix, an early ISP. The service was sent offline for several days by what’s called an SYN flood, which inundates a server with a ton of initial connection request packets all at once. We’ll get more into the various kinds of DDoS attacks later on.

FYI: It may surprise you, but different states have different cybersecurity risks. Whether it’s due to state legislation or the specific companies in certain states, each state’s risk of a cyberattack varies widely. The highest-risk state has a risk level four times higher than the lowest-risk state.

  • In 2018, software developer platform GitHub was hit with a DDoS attack that clocked in at 1.35 terabits per second. The attack lasted for about 15 to 20 minutes.5 GitHub tapped Akamai Prolexic, its DDoS mitigation service, which took over as an intermediary and blocked suspicious packets. Soon after, the attackers relented.
  • In 2022, Google’s DDoS Response Team announced that a Google Cloud Armor customer was hit with a number of HTTPS DDoS attacks. The attacks peaked at 46 million requests per second.6 To put that in perspective, Google says that’s tantamount to receiving all the daily requests to Wikipedia — one of the most trafficked websites in the world — in only 10 seconds. Because the customer had Cloud Armor, the attack was thwarted before it fully ramped up, and the customer’s service stayed online the whole time.

>> Learn About: How to Delete Personal Information From Google

How to Protect Against DDoS Attacks

Finally, the section you’ve been waiting for. How do you stop these attacks and keep your devices and networks safe? We’ve put together a list of best practices to guard against the different kinds of DDoS attacks out there.

As a general rule, the more complex and far-reaching the attack, the more mitigation tools you need to have in your arsenal. Below are a few things you need to have in your quiver of digital security.

  1. Get a good web application firewall. As security experts, we’ve stressed the importance of having a good firewall time and again. To review, a firewall acts like a security intermediary between a network and outside traffic. A web application firewall (WAF) specifically protects your web applications from common vulnerabilities and exploits. A WAF also guards sensitive data, such as financial information.
  2. Consider black hole routing. One way to deal with a DDoS attack is to give it nothing to work with. Black hole routing involves configuring routers to drop incoming and outgoing traffic to and from a specific IP address. The problem with that tactic is that both benign and malicious traffic is inaccessible. You’re offline — but at least the DDoS attack can’t take root.
  3. Use rate limiting. This is something that would be implemented by a security engineer. Rate limiting involves limiting the amount of requests made to a service or system. DDoS attacks aim to overwhelm and inundate, but rate limiting puts a cap on how many requests a given traffic source can make.
  4. Connect to a VPN. VPNs can prevent DDoS attacks by preventing attackers from finding your network and hiding your IP address. Instead of attacking your actual network, when you connect through a VPN, a DDoS attacker only knows the IP address of the VPN’s server. The attacks would hit only your VPN, keeping you safe. You can also just connect to a different server.
NordVPN desktop app connected to a Paris, France server
NordVPN desktop app connected to a Paris, France server
  1. Invest in good anti-DDoS software. We also recommend buying some good anti-DDoS software. We’re particularly keen on Cloudflare Application Security and Performance, as well as HAProxy, both of which are free open-source tools.

Pro Tip: Getting just any VPN isn’t enough. You need to assess the VPN you want, from the type of VPN protocol it uses to the number of servers it offers. There are tons of factors you should consider when comparing VPN providers, but we already did the work for you in our roundup of the best VPNs on the market.

What to Do If You’re in the Midst of a DDoS Attack

No prevention method is foolproof. If a DDoS attack happens, one thing you can do is apply black hole routing. The downside is that not only are you blocking attackers, but you’re also potentially blocking legitimate users. Rate limiting is something you can do proactively before a DDoS attack, but also during an attack. In the midst of an attack, you can also ramp up server capacity by adding additional servers to handle the increased load. That would not, however, curtail the root of the problem — an ongoing DDoS attack.

That’s where cyber insurance can come in handy. Let’s face it: There are a lot more risks out there than just DDoS attacks. Having insurance for cyber attacks can definitely come in handy, whether you’re an individual or a business. If you go for cyber insurance, you still need to take your cybersecurity seriously with a top-tier antivirus software. Even if you have car insurance, you still do your best to drive safely and avoid accidents. The same goes for cyber insurance.

Bottom Line

We’ve covered a lot in this primer. A DDoS attack happens when a bad actor overwhelms a server with internet traffic, rendering users unable to access internet services and sites. There are many kinds of DDoS attacks that happen at different levels, leading to things like a cascade of HTTP requests. Firewalls, black hole routing, and good anti-DDoS software can help prevent and curb such attacks and keep you and your systems safe.

DDoS FAQs

We get a lot of questions about DDoS, which remains a significant security threat. Below are some of the questions and our answers.

  • What is DDoS?

    A distributed denial of service (DDoS) attack is a cybercrime in which a bad actor overwhelms a server with internet traffic, rendering users unable to access internet services and sites.

  • What are some famous DDoS attacks?

    In 1996, Panix, an early ISP, was sent offline for several days by an SYN flood. In 2022, a Google Cloud Armor customer was hit with a number of HTTPS DDoS attacks, which were soon thwarted.

  • How do I protect myself from DDoS attacks?

    Firewalls, black hole routing, use rate limiting, and good anti-DDoS software are some of the tools we highly recommend to contend with the digital security threat.

  • Can DDoS attacks target individuals?

    Even though we mostly hear about DDoS attacks that shut down businesses, individuals can get targeted too. Whether you beat someone in a video game or got into an argument on a forum, people can overwhelm your network using your IP address. That’s why we always recommend using a VPN.

  • What happens during a DDoS attack?

    Basically, a DDoS attack sends a bunch of requests to a network in order to overwhelm it and shut it down. That network can be anything from your home network to an office network to an entire hosting platform. That’s why the scale of DDoS attacks varies widely.

Citations
  1. DataReportal. (2024). DIGITAL 2024: GLOBAL OVERVIEW REPORT.
    datareportal.com/reports/digital-2024-global-overview-report

  2. Cisco. (2020). Cisco Annual Internet Report (2018–2023) White Paper.
    cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html

  3. Imperva. (2024). OSI Model.
    imperva.com/learn/application-security/osi-model/

  4. PLATO History. (2010). Perhaps the First Denial-of-Service Attack?
    platohistory.org/blog/2010/02/perhaps-the-first-denial-of-service-attack.html

  5. Github. (2018). February 28th DDoS Incident Report.
    github.blog/2018-03-01-ddos-incident-report/

  6. Google. (2018). How Google Cloud blocked the largest Layer 7 DDoS attack at 46 million rps.
    cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps