DDoS attacks: A simplified guide + DDoS attack protection tips
April 29, 2022 3 min read
What’s the difference between the deep web vs. the dark web? Turn to this overview to learn how they both work and for tips for those surfing the deep web and dark web.
Distributed denial-of-service (DDoS) attacks are cyberattacks used by hackers attempting to make a computer or website unavailable by flooding or crashing the website with too much traffic. This tricky cyberattack has a few different aspects we’ll cover later on, but what you should know now is that they are on the rise — with the first half of 2021 seeing over 5.4 million DDoS attacks alone.
It’s for this reason that you’ll find a detailed overview of common DDoS attacks below, along with cybersecurity tips to help protect your devices and network. We’ve covered how DDoS attacks work, different types of DDoS attacks, common warning signs of DDoS attacks, and hacker motivations for carrying out DDoS attacks. You’ll even find real-life DDoS attack examples and the differences between DDoS attacks vs. DoS attacks. All of which will help provide some clarity as to why you should avoid DDoS hacking at all costs.
How does a DDoS attack work?
The primary way hackers accomplish DDoS attacks is through a network of remotely-controlled, hacked computers called botnets. These infected devices form what people know as “zombie networks” used to flood targeted websites, servers, and networks with more data than they can accommodate.
Botnets can range from thousands to millions of computers controlled by cybercriminals. And cyberthieves use them for a variety of purposes, including sending spam and different forms of malware such as ransomware. This is done in an effort to compromise and/or steal user information to put some cash in the hacker’s pockets.
Beyond these basics, there are a few different types of DDoS attacks to be aware of for your personal cybersecurity.
DoS attacks vs. DDoS attacks
Use a single corrupt device to flood targeted
Typically target one specific victim
Use zombie networks to flood targeted
Target larger networks to affect more users
There’s more differentiating DDoS attacks from DoS attacks besides the absence of an extra consonant. First, DoS attacks only use one internet connection to overwhelm a targeted network or website. DDoS attacks use botnets to form “zombie networks” to disable potential victims. These zombie networks make protecting targeted devices more difficult when compared with DoS attacks.
These two cyberattacks also differ in who and what they target. DoS attacks mostly go after single servers and/or networks, typically belonging to a single individual. DDoS attacks, on the other hand, target computer systems and/or devices connected to the internet that usually belong to a business or organization. This can help expand the number of potentially affected victims.
Types of DDoS attacks
DDoS attacks generally consist of attacks that fall into one or more categories, with some more sophisticated attacks combining attacks on different vectors. The most common categories are as follows, listed from least to most sophisticated.
Volume-based attacks, like UDP (User Datagram Protocol) floods, for example, are typically what first comes to mind when people bring up DDoS attacks. These common DDoS attacks flood a site with a high volume of connections, overwhelming its bandwidth, network equipment, or servers until it is unable to process the traffic and collapses.
Hackers created protocol attacks like the Ping of Death to target the resources websites use to protect themselves like firewalls and load balancers. By disabling these tools, hackers may have a straight shot into the server/website they are trying to disable.
Application layer attacks — sometimes referred to as Layer 7 Attacks — target popular applications regularly. Techniques including HTTP floods and cache-busting attacks target the layer where a server generates web pages and responds to HTTP requests. That way, they may initially appear as legitimate requests from users until it is too late, leaving the victim unable to operate their device.
5 warning signs of DDoS attacks
DDoS attacks do have definitive symptoms. But the symptoms often mimic other issues you might have with your computer, ranging from a slow internet connection to a website appearing down, making it hard to determine whether you’re experiencing a DDoS attack without a professional diagnosis.
Some of these warnings signs of a DDoS include:
Slow access to files
A long-term inability to access a particular website
Problems accessing all websites
An excessive amount of spam emails
Again, most of these symptoms can be hard to identify as being unusual. Even so, if two or more occur over long periods of time, you might be a victim of a DDoS attack.
Noteworthy DDoS attacks
Statistics show DDoS attacks aren't going away anytime soon. In fact, there has been a 14% increase in DDoS attacks in recent years.
Mafiaboy, 2000: A 15-year-old hacker carried out a DDoS attack on university servers, allowing him to compromise their network and crash major sites, such as CNN, Amazon, Yahoo, and eBay.
ProtonMail, 2015: A Swiss encrypted email provider paid over $6,000 in Bitcoin to hackers after its site crashed due to hackers using a combination of different DDoS attacks.
Dyn, 2016: Hackers used malware to create a zombie network from smart TVs, printers, baby monitors, cameras, and other IoT devices. They then carried out DDoS attacks to compromise sites like Twitter, the Guardian, Netflix, Reddit, and CNN.
Amazon, 2020: Directed at Amazon Web Services, hackers carried out a DDoS attack over a three days period to unsuccessfully try and crash AWS operating systems.
Ukraine, 2022: Ukrainian officials reported multiple DDoS attacks carried out by Russian hackers targeting Ukrainian government resources and websites.
Now that you know how dangerous DDoS attacks can be and how far they can reach, you might want to have some tricks up your sleeve to help prevent DDoS hackers from making their way onto your network.
How to avoid getting DDoSed
Use these cybersecurity tips to avoid DDoS hacking and keep your devices protected.
Use a VPN
Using a VPN — whether you're gaming with friends or shopping online — can be incredibly useful for those trying to prioritize their online privacy. These work by masking and encrypting your IP address and other identifiable network elements so an ill-intentioned hacker will have trouble disrupting your web access with a DDoS attack.
Update apps and security software
Application attacks are when cybercriminals use outdated apps and security flaws to carry out DDoS attacks. To help avoid this cyberthreat, remember to keep your security systems and apps up to date. These updates come with the upgrades necessary to fix system vulnerabilities that DDoS hacking could expose.
Beware of phishing
Besides being one of the most prominent cyberattacks today, phishing is also a common sign of DDoS attacks. If you notice potential phishing scams in your inbox, report them. The FTC reviews reports at email@example.com. And if you receive a smishing text message, you can send it to SPAM (7726).
Protect your IP address
Some would say an IP address is just as sensitive as a Social Security number. Why? It’s a combination of numbers that can specifically identify you — or in this case, your computer. DDoS hackers may try to track your IP address to find the best way to expose your computer to malware and add you to their zombie network. Similar to SSNs, it's best not to share with others. And if you think it fell into the wrong hands, did you know some internet providers allow you to change it? Simply log in to your service provider and follow their instructions.
Install antivirus software
Since hackers typically use different types of malware to first build zombie networks during a DDoS attack, having antivirus software installed on your devices is next to priceless. This cybersecurity tool can alert you of potential malware attacks DDoS hackers use, and work diligently to destroy them if they're legitimate.
DDoS attacks may not be one of the newer cyberthreats roaming around, but that hasn’t stopped them from trying to take center stage. Use this information and the accompanying tips to elevate your DDoS hacking protection and ensure the Cyber Safety of your devices and online privacy.
DDoS attack FAQs
Round out your knowledge of DDoS attacks by looking through some frequently asked questions regarding this cyberthreat.
What are the 3 types of DDoS attacks?
The 3 types of DDoS attacks include:
What causes a DDoS attack?
A DDoS attack occurs when a hacker uses a network of infected devices (botnets) to flood a specific server/website with requests until it crashes.
How long do DDoS attacks last?
DDoS attacks can last as long as 24 hours or more.
What are the signs of being Ddosed?
Signs of a potential DDoS attack include:
Slower loading times
A long-term inability to access a particular website
Problems accessing the internet
Excessive amount of spam emails
Who invented DDoS?
Michael Calce performed the first DDoS attack at the age of 15, hacking into a number of university websites and crashing major sites, including CNN, eBay, and Yahoo.
What is DDoS in gaming?
DDoS attacks can affect online gamers by preventing them from accessing their online video games and streaming platforms. They can also hinder a player’s performance, causing increased lag time that benefits their opponents.
Are DDoS attacks illegal?
Yes, DDoS attacks are punishable in a court of law. A hacker could receive jail time, fines, or both.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.