DDoS (Distributed Denial of Service)
An attack in which a target system is overwhelmed by massive amounts of traffic from many distributed sources, rendering it inaccessible to legitimate users.
A DDoS attack (Distributed Denial of Service) aims to render a server, service, or network inaccessible by flooding it with traffic from many sources acting at once, typically a botnet of compromised devices.
Difference Between DoS and DDoS
- DoS: attack from a single source; comparatively easy to mitigate by blocking the source IP
- DDoS: attack from thousands or millions of compromised devices; very difficult to filter, because the traffic originates from seemingly legitimate IP addresses worldwide
Major Types of DDoS Attacks
- Volumetric (Layer 3/4): exhausts network bandwidth (UDP floods, amplification attacks reaching up to 3.4 Tbps)
- Protocol (Layer 4): exhausts server and middlebox resources by abusing TCP protocol behaviour, e.g. connection state tables (SYN flood, ACK flood)
- Application layer (Layer 7): overloads web servers with seemingly legitimate HTTP requests (HTTP flood, Slowloris); effective even at low traffic volumes, which makes it hard to spot with bandwidth-based alarms
DDoS Protection
- Cloud-based scrubbing services (Cloudflare, Akamai, AWS Shield)
- Rate limiting and bot management via WAF/CDN
- BGP blackholing as an emergency measure (drops all traffic to the targeted prefix, so it sacrifices the attacked address to protect the rest of the network)
- Incident response plan with defined escalation procedures
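Because a Layer 7 flood can stay well under any bandwidth alarm, the signal defenders look for is the request rate per client. The following is an added example (not from the original page or any named vendor): a hypothetical sliding-window detector that parses constructed access-log lines in the common combined format and flags sources whose request count in any window exceeds a threshold, the same logic a WAF/CDN rate limit applies in real time.

```python
"""Hypothetical HTTP-flood detector over access-log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx "combined" log line: ip, timestamp, request, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_flood_sources(lines, window_seconds=10, max_requests=100):
    """Return {ip: peak_window_count} for sources exceeding max_requests in any
    sliding window of window_seconds. Assumes lines are in time order."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # tolerate garbage rather than crash the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # evict entries that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def make_sample_log():
    """Constructed sample traffic (not real data): one normal client making a
    request every 5 s for a minute, one flooding client sending 300 in 3 s."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(12):
        t = base + timedelta(seconds=5 * i)
        lines.append(f'203.0.113.5 - - [{t.strftime(TS_FMT)}] "GET /index.html HTTP/1.1" 200 2048')
    for i in range(300):
        t = base + timedelta(seconds=30, milliseconds=10 * i)
        lines.append(f'198.51.100.7 - - [{t.strftime(TS_FMT)}] "GET /search?q={i} HTTP/1.1" 200 512')
    lines.sort(key=lambda line: parse_line(line)[1])  # interleave by timestamp
    return lines


if __name__ == "__main__":
    print(find_flood_sources(make_sample_log()))  # {'198.51.100.7': 300}
```

Keying the counter on a single IP only catches concentrated sources; for a truly distributed flood the same window logic is keyed on shared request features (path, User-Agent, TLS fingerprint) or compared against a per-endpoint baseline.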
Current Threat Landscape
According to the BSI Situation Report 2024, high-volume DDoS attacks in Germany increased massively in the first half of 2024. Politically motivated groups (pro-Russian hacktivists) specifically targeted government agencies, banks, and critical infrastructure. DDoS services are already available on the dark web starting at 7 EUR/hour.