A Distributed Denial of Service (DDoS) attack is a variant of a DoS attack that employs very large numbers of attacking computers to overwhelm the target with bogus traffic. To achieve the necessary scale, DDoS attacks are often performed by botnets, which can co-opt millions of infected machines to unwittingly participate in the attack even though they are not its target. Instead, the attacker leverages the massive number of infected machines to flood the remote target with traffic and cause a DoS.
Though the DDoS attack is a type of DoS attack, it is significantly more popular in its use because of the features that differentiate it from, and make it stronger than, other types of DoS attacks:
The attacking party can execute an attack of disruptive scale as a result of the large network of infected computers (effectively a zombie army) under their command
The (often worldwide) distribution of attacking systems makes it very difficult to determine where the actual attacking party is located
It is difficult for the target server to recognize the traffic as illegitimate and deny it entry because of the seemingly random distribution of attacking systems
DDoS attacks are much more difficult to shut down than other DoS attacks because of the number of machines that must be shut down, as opposed to just one
DDoS attacks often target specific organizations (enterprise or public) for personal or political reasons, or to extort payment from the target in return for stopping the attack. The damage from a DDoS attack is typically measured in the time and money lost to the resulting downtime and lost productivity.
There are a number of DDoS mitigation techniques that organizations can implement to minimize the possibility of a successful attack. Network security infrastructure should include DDoS detection tools that can identify and block both the exploits and the tools that attackers use to launch an attack. Additionally, network administrators can create profiles to observe and control specific floods of traffic (e.g. SYN floods, UDP floods, and ICMP floods). By looking at all traffic in aggregate, thresholds can be set to monitor and cut off behaviors that indicate a possible DDoS attack.
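As an added example (not part of the original article), the following Python script shows what the per-flood-type profiles and aggregate thresholds just described look like in practice. It counts matching packets per destination per one-second window for SYN, UDP and ICMP profiles, raises an alert when a profile's packet threshold is crossed, and records how many distinct sources contributed, which is what distinguishes a distributed flood from a single noisy client. The flow records, the threshold values and the destination address 192.0.2.10 are all constructed for the demonstration; real thresholds should come from baselining the organization's own traffic.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, proto, tcp_flags).
# tcp_flags is "S" for a bare SYN; other values are ignored by the profiles.
# This is not real capture data.
def build_sample_records():
    records = []
    # Normal traffic: five clients each completing a handshake and sending data.
    for i in range(5):
        src = f"10.0.0.{i + 1}"
        records.append((1.0 + i, src, "192.0.2.10", "TCP", "S"))
        records.append((1.1 + i, src, "192.0.2.10", "TCP", "A"))
        records.append((1.2 + i, src, "192.0.2.10", "TCP", "PA"))
    # Distributed SYN flood: 300 SYNs within one second from 250 distinct sources.
    for i in range(300):
        src = f"198.51.100.{i % 250}"
        records.append((7.0 + i / 1000, src, "192.0.2.10", "TCP", "S"))
    # A single busy but legitimate UDP client in the same second (below threshold).
    for i in range(40):
        records.append((7.0 + i / 100, "10.0.0.9", "192.0.2.10", "UDP", ""))
    return records

# Per-flood-type profiles: (matcher, packets-per-window threshold, minimum distinct
# sources to call the flood "distributed"). The numbers are hypothetical.
PROFILES = {
    "SYN": (lambda r: r[3] == "TCP" and r[4] == "S", 100, 50),
    "UDP": (lambda r: r[3] == "UDP", 500, 50),
    "ICMP": (lambda r: r[3] == "ICMP", 200, 50),
}

def detect_floods(records, profiles=PROFILES, window=1.0):
    """Aggregate matching packets per (profile, destination, window) and alert
    when the count reaches the profile's threshold. Returns alert dicts sorted
    by window start."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for rec in records:
        ts, src, dst, _proto, _flags = rec
        for name, (match, _pps, _min_src) in profiles.items():
            if match(rec):
                key = (name, dst, int(ts // window))
                counts[key] += 1
                sources[key].add(src)
    alerts = []
    for (name, dst, bucket), n in counts.items():
        _match, pps, min_src = profiles[name]
        if n >= pps:
            n_src = len(sources[(name, dst, bucket)])
            alerts.append({
                "profile": name,
                "dst": dst,
                "window_start": bucket * window,
                "packets": n,
                "sources": n_src,
                "distributed": n_src >= min_src,
            })
    return sorted(alerts, key=lambda a: a["window_start"])

def max_packets_per_source(records, window=1.0):
    """Packets sent by the busiest single source in any one window. Shows why a
    per-source rate limit alone misses a flood spread across many hosts."""
    per_src = defaultdict(int)
    for ts, src, dst, _proto, _flags in records:
        per_src[(src, dst, int(ts // window))] += 1
    return max(per_src.values()) if per_src else 0

if __name__ == "__main__":
    recs = build_sample_records()
    for alert in detect_floods(recs):
        print(alert)
    print("busiest single source in any 1 s window:", max_packets_per_source(recs))
```

Run as-is, the script raises one SYN alert for the 7.0 s window (300 packets from 250 sources, flagged as distributed) and nothing for the UDP client, while the busiest single source in any window is the legitimate UDP client at 40 packets: each flood source sends only one or two SYNs, so only the aggregate view reveals the attack. In production the same counts would be fed by flow export or packet capture rather than an in-memory list.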