DDoS attacks: A simplified guide + DDoS attack protection tips


What’s the difference between the deep web vs. the dark web? Turn to this overview to learn how they both work and for tips for those surfing the deep web and dark web.

Distributed denial-of-service (DDoS) attacks are cyberattacks used by hackers attempting to make a computer or website unavailable by flooding or crashing the website with too much traffic. This tricky cyberattack has a few  different aspects we’ll cover later on, but what you should know now is that they are on the rise — with the first  half of 2021 seeing over 5.4 million DDoS attacks alone.

It’s for this reason that you’ll find a detailed overview of common DDoS attacks below, along with cybersecurity  tips to help protect your devices and network. We’ve covered how DDoS attacks work, different types of DDoS  attacks, common warning signs of DDoS attacks, and hacker motivations for carrying out DDoS attacks. You’ll even find real-life DDoS attack examples and the differences between DDoS attacks vs. DoS attacks. All of which  will help provide some clarity as to why you should avoid DDoS hacking at all costs.

How does a DDoS attack work?

Ddos attacks explained

The primary way hackers accomplish DDoS attacks is through a network of remotely-controlled, hacked  computers called botnets. These infected devices form what people know as “zombie networks” used to flood  targeted websites, servers, and networks with more data than they can accommodate.

Botnets can range from thousands to millions of computers controlled by cybercriminals. And cyberthieves use them for a variety of purposes, including sending spam and different forms of malware such as ransomware. This is  done in an effort to compromise and/or steal user information to put some cash in the hacker’s pockets. 

Beyond these basics, there are a few different types of DDoS attacks to be aware of for your personal cybersecurity.

DoS attacks vs. DDoS attacks 

Dos Attacks 

  • Use a single corrupt device to flood targeted
  • Typically target one specific victim

DDoS Attacks

  • Use zombie networks to flood targeted
  • Target larger networks to affect more users

There’s more differentiating DDoS attacks from DoS attacks besides the absence of an extra consonant. First, DoS  attacks only use one internet connection to overwhelm a targeted network or website. DDoS attacks use botnets  to form “zombie networks” to disable potential victims. These zombie networks make protecting targeted devices  more difficult when compared with DoS attacks.  

These two cyberattacks also differ in who and what they target. DoS attacks mostly go after single servers and/or  networks, typically belonging to a single individual. DDoS attacks, on the other hand, target computer systems  and/or devices connected to the internet that usually belong to a business or organization. This can help expand  the number of potentially affected victims. 

Types of DDoS attacks

Different types of Ddos attacks

DDoS attacks generally consist of attacks that fall into one or more categories, with some more sophisticated  attacks combining attacks on different vectors. The most common categories are as follows, listed from least to  most sophisticated.

Volume-based attacks 

Volume-based attacks, like UDP (User Datagram Protocol) floods, for example, are typically what first comes to  mind when people bring up DDoS attacks. These common DDoS attacks flood a site with a high volume of  connections, overwhelming its bandwidth, network equipment, or servers until it is unable to process the traffic  and collapses.

Protocol attacks 

Hackers created protocol attacks like the Ping of Death to target the resources websites use to protect themselves  like firewalls and load balancers. By disabling these tools, hackers may have a straight shot into the server/website  they are trying to disable. 

Application attacks 

Application layer attacks — sometimes referred to as Layer 7 Attacks — target popular applications regularly.  Techniques including HTTP floods and cache-busting attacks target the layer where a server generates web pages  and responds to HTTP requests. That way, they may initially appear as legitimate requests from users until it is too late, leaving the victim unable to operate their device.

5 warning signs of DDoS attacks 

Ddos attacks symptoms

DDoS attacks do have definitive symptoms. But the symptoms often mimic other issues you might have with your  computer, ranging from a slow internet connection to a website appearing down, making it hard to determine  whether you’re experiencing a DDoS attack without a professional diagnosis.

Some of these warnings signs of a DDoS include: 

  1. Slow access to files 
  2. A long-term inability to access a particular website
  3. Internet disconnection
  4. Problems accessing all websites
  5. An excessive amount of spam emails 

Again, most of these symptoms can be hard to identify as being unusual. Even so, if two or more occur over long  periods of time, you might be a victim of a DDoS attack.

Noteworthy DDoS attacks 

Statistics show DDoS attacks aren't going away anytime soon. In fact, there has been a 14% increase in DDoS attacks in recent years.

  • Mafiaboy, 2000: A 15-year-old hacker carried out a DDoS attack on university servers, allowing him to compromise their network and crash major sites, such as CNN, Amazon, Yahoo, and eBay.
  • ProtonMail, 2015: A Swiss encrypted email provider paid over $6,000 in Bitcoin to hackers after its site  crashed due to hackers using a combination of different DDoS attacks.
  • Dyn, 2016: Hackers used malware to create a zombie network from smart TVs, printers, baby monitors,  cameras, and other IoT devices. They then carried out DDoS attacks to compromise sites like Twitter, the  Guardian, Netflix, Reddit, and CNN.
  • Amazon, 2020: Directed at Amazon Web Services, hackers carried out a DDoS attack over a three  days period to unsuccessfully try and crash AWS operating systems.
  • Ukraine, 2022: Ukrainian officials reported multiple DDoS attacks carried out by Russian hackers targeting  Ukrainian government resources and websites. 

Now that you know how dangerous DDoS attacks can be and how far they can reach, you might want to have  some tricks up your sleeve to help prevent DDoS hackers from making their way onto your network.

How to avoid getting DDoSed

ddos attack protection tips

Use these cybersecurity tips to avoid DDoS hacking and keep your devices protected.

Use a VPN 

Using a VPN — whether you're gaming with friends or shopping online — can be incredibly useful for those trying  to prioritize their online privacy. These work by masking and encrypting your IP address and other  identifiable network elements so an ill-intentioned hacker will have trouble disrupting your web access with a  DDoS attack.

Update apps and security software 

Application attacks are when cybercriminals use outdated apps and security flaws to carry out DDoS attacks. To  help avoid this cyberthreat, remember to keep your security systems and apps up to date. These updates come  with the upgrades necessary to fix system vulnerabilities that DDoS hacking could expose. 

Beware of phishing 

Besides being one of the most prominent cyberattacks today, phishing is also a common sign of DDoS attacks. If  you notice potential phishing scams in your inbox, report them. The FTC reviews reports at reportphishing@apwg.org. And if you receive a smishing text message, you can send it to SPAM (7726). 

Protect your IP address 

Some would say an IP address is just as sensitive as a Social Security number. Why? It’s a combination of numbers  that can specifically identify you — or in this case, your computer. DDoS hackers may try to track your IP address  to find the best way to expose your computer to malware and add you to their zombie network. Similar to SSNs, it's best not to share with others. And if you think it fell into the wrong hands, did you know some internet  providers allow you to change it? Simply log in to your service provider and follow their instructions. 

Install antivirus software 

Since hackers typically use different types of malware to first build zombie networks during a DDoS attack, having  antivirus software installed on your devices is next to priceless. This cybersecurity tool can alert you of potential  malware attacks DDoS hackers use, and work diligently to destroy them if they're legitimate. 

DDoS attacks may not be one of the newer cyberthreats roaming around, but that hasn’t stopped them from trying to take center stage. Use this information and the accompanying tips to elevate your DDoS hacking  protection and ensure the Cyber Safety of your devices and online privacy.

DDoS attack FAQs 

Round out your knowledge of DDoS attacks by looking through some frequently asked questions regarding this cyberthreat.

What are the 3 types of DDoS attacks? 

The 3 types of DDoS attacks include:

  • Volume-based attacks
  • Protocol attacks
  • Application attacks

What causes a DDoS attack? 

A DDoS attack occurs when a hacker uses a network of infected devices (botnets) to flood a specific server/website with requests until it crashes.

How long do DDoS attacks last? 

DDoS attacks can last as long as 24 hours or more.

What are the signs of being Ddosed? 

Signs of a potential DDoS attack include:

  • Slower loading times
  • A long-term inability to access a particular website
  • Internet disconnection
  • Problems accessing the internet
  • Excessive amount of spam emails 

Who invented DDoS?

Michael Calce performed the first DDoS attack at the age of 15, hacking into a number of university websites and crashing major sites, including CNN, eBay, and Yahoo. 

What is DDoS in gaming? 

DDoS attacks can affect online gamers by preventing them from accessing their online video games and streaming platforms. They can also hinder a player’s performance, causing increased lag time that benefits their opponents.

Are DDoS attacks illegal? 

Yes, DDoS attacks are punishable in a court of law. A hacker could receive jail time, fines, or both. 

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.