What is a DDoS Attack and How Does It Work?

DDoS attacks are a primary concern in Internet security today. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target with a flood of Internet traffic. Ravensburger faced a DDoS attack during the launch of 'Disney Lorcana: Rise of the Floodborn', due to which the company had to shut down the launch and sales.


Any major website that is launching a product expects a heavy load of Internet traffic. A DDoS attack floods the website with far more traffic than it is built to handle, with the intent of making a machine or network resource unavailable to its intended users.

In layman's terms, it is like an unexpected influx of cars on the road that prevents regular traffic from reaching its destination. Or, in even simpler terms, it is as if you were waiting in line and 100 people cut in front of you so that you are denied service, except on a much larger scale.

How does a DDoS attack work?
DDoS attacks utilise multiple compromised computer systems as sources of traffic to attack the target. Such compromised machines can include computers and other networked resources such as IoT devices. DDoS attacks are carried out with networks of Internet-connected machines.

These networks consist of computers and other devices (such as IoT devices) which have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet.

Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot.

When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic.

Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.


How to identify a DDoS attack:

The most obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable. But since a number of causes, such as a legitimate spike in traffic, can create similar performance issues, further investigation is usually required.

Traffic analytics tools can help you spot some of these telltale signs of a DDoS attack:

  • Suspicious amounts of traffic originating from a single IP address or IP range
  • A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
  • An unexplained surge in requests to a single page or endpoint
  • Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)
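
As an added example (not part of the original article), here is one way to check a web access log for the signs listed above. It assumes Combined Log Format, uses the user-agent string as a stand-in for the behavioral profile, and flags a busy minute against the median rather than testing for periodic spikes. The function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

def parse(lines):
    """Yield (ip, minute, path, user_agent) for each parsable line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, ts, path, ua = m.groups()
            t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, t.replace(second=0), path, ua

def ddos_signs(lines, share=0.5, spike=5.0):
    """Return the telltale signs present in the log sample.
    share and spike are illustrative thresholds, to be tuned per site."""
    rows = list(parse(lines))
    if not rows:
        return []
    signs = []
    # Concentration of traffic on one source, one client profile, or one endpoint.
    for name, col in (("single_ip", 0), ("single_profile", 3), ("single_endpoint", 2)):
        value, count = Counter(r[col] for r in rows).most_common(1)[0]
        if count / len(rows) >= share:
            signs.append((name, value))
    # A minute whose request count is far above the typical (median) minute.
    per_minute = Counter(r[1] for r in rows)
    busiest, peak = per_minute.most_common(1)[0]
    if len(per_minute) > 2 and peak >= spike * median(per_minute.values()):
        signs.append(("spike", busiest.strftime("%H:%M")))
    return signs

def sample_log():
    """Constructed log: 3 minutes of normal browsing, then a burst on /login."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512 "-" "{ua}"'
    normal = [fmt.format(ip=f"198.51.100.{i}", m=i % 3, s=i, p=f"/page{i}", ua=f"Browser/{i}")
              for i in range(1, 10)]
    burst = [fmt.format(ip=f"203.0.113.{i % 50}", m=3, s=i % 60, p="/login", ua="Bot/1.0")
             for i in range(60)]
    return normal + burst

if __name__ == "__main__":
    for sign in ddos_signs(sample_log()):
        print(sign)
```

In the constructed sample the burst comes from 50 different addresses, so no single IP stands out; the shared user agent, the single endpoint and the per-minute spike are what give it away, which is why the signs are best checked together.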




  • Authored by Feba Bovas