# DoS and DDoS Attacks
## What is a Denial of Service Attack
A Denial of Service attack, abbreviated as DoS, is an attack that attempts to make a machine, network, or service unavailable to its intended users by overwhelming it with traffic or exploiting vulnerabilities that cause it to crash or malfunction. The goal is not to steal data but to deny legitimate users access to a service. A DoS attack from a single source can often be blocked by identifying and filtering the attacker's IP address.
## Distributed Denial of Service
A Distributed Denial of Service attack, abbreviated as DDoS, is a DoS attack that uses many sources simultaneously, often thousands or millions of compromised computers called a botnet. Because the attack traffic comes from many different IP addresses around the world, it is much harder to block than a single-source DoS attack. DDoS attacks can generate enormous volumes of traffic that overwhelm even large, well-resourced targets. DDoS attacks are used to take down websites and online services, often for financial extortion, competitive sabotage, or ideological reasons.
## Types of DDoS Attacks
Volume-based attacks attempt to consume all available bandwidth by flooding the target with massive amounts of traffic. UDP floods send large numbers of UDP packets to random ports. ICMP floods send huge volumes of ping requests. Amplification attacks send spoofed requests to third-party servers that send much larger responses to the victim's address, amplifying the attack volume many times.
Protocol attacks exploit weaknesses in network protocols. SYN floods send large numbers of TCP SYN packets without completing the three-way handshake, filling the target's connection table. Ping of death sends malformed or oversized packets that cause some systems to crash.
Application layer attacks, also called Layer 7 attacks, target specific applications rather than network infrastructure. HTTP floods send large numbers of seemingly legitimate HTTP requests that exhaust server resources. Slowloris attacks open many connections to a web server and keep them open by sending partial requests very slowly, consuming connection slots.
## Botnets
A botnet is a network of computers infected with malware and controlled by an attacker without their owners' knowledge. Botnet operators, called botmasters, use command-and-control servers to send instructions to infected machines. Botnets are used to conduct DDoS attacks, send spam, distribute malware, and perform other malicious activities. A botnet may comprise millions of computers, including home computers, servers, and IoT devices.
## DDoS Mitigation
DDoS mitigation involves traffic scrubbing services that analyze incoming traffic and filter out attack traffic before it reaches the target. Content Delivery Networks can absorb large volumes of traffic. Anycast routing distributes attack traffic across many servers. Rate limiting restricts the number of requests from a single source. Cloud-based DDoS protection services can absorb very large-scale attacks.
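
The per-source rate limiting described above, as an added example that is not part of the original page: a token-bucket limiter replayed over constructed traffic, showing that it drops almost all of a single-source flood but none of the same volume spread across many addresses. The class name, the rate and burst values, and the addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

COST = 1000  # one request costs 1000 milli-tokens (integer math avoids float drift)


class PerSourceLimiter:
    """Token bucket per source address: `rate` requests/second, `burst` stored."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.cap = burst * COST
        # New sources start with a full bucket: [milli-tokens, last-seen ms].
        self.buckets = defaultdict(lambda: [self.cap, None])

    def allow(self, src, now_ms):
        bucket = self.buckets[src]
        tokens, last = bucket
        if last is not None:
            # rate tokens/s == rate milli-tokens per millisecond
            tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        ok = tokens >= COST
        bucket[0] = tokens - COST if ok else tokens
        bucket[1] = now_ms
        return ok


def replay(requests, rate=5, burst=10):
    """Run (timestamp_ms, source) pairs through the limiter; return (allowed, dropped)."""
    limiter = PerSourceLimiter(rate, burst)
    allowed = sum(limiter.allow(src, t) for t, src in requests)
    return allowed, len(requests) - allowed


# Constructed traffic: 1000 requests in one second in both cases, using
# documentation-range addresses (RFC 5737).
single_source = [(t, "203.0.113.7") for t in range(1000)]
distributed = [(t, f"198.51.100.{1 + t % 250}") for t in range(1000)]

if __name__ == "__main__":
    print("single source:", replay(single_source))  # (14, 986)
    print("distributed:  ", replay(distributed))    # (1000, 0)
```

In the distributed case every address stays under its own limit, which is why rate limiting appears alongside scrubbing, CDNs and anycast rather than as a replacement for them.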