Introducing Illumio Insights — breakthrough AI-powered observability, detection, and containment.
Read more

Experienced a Breach?

|
Contact Us
|
+1 855 426 3983
back to glossary

Distributed Denial of Service (DDoS) Attack

A distributed denial of service attack (DDoS) is an attempt to make an online service inaccessible by hitting it with a massive amount of traffic from a variety of machines. A DDoS attack can block access to servers, devices, databases, networks, and applications.

The difference between a DDoS attack and a standard denial of service attack is that a DDoS attack comes from multiple machines rather than just one. Let's look at how this is accomplished.

How DDoS Attacks Work

A DDoS attack begins with a botnet. A botnet is a network of computers that were infected with malicious software designed for DDoS attacks and other nefarious uses. Users may be tricked into downloading the infected software through phishing emails, infected websites, and even social networks by taking advantage of known exploits in software and operating systems.

Once these computers are infected, the botnet "wrangler" can control all of these machines without the user’s knowledge remotely from one application. Once the botnet grows large enough, the network can be used to launch an attack against any target.

Once a botnet is ready, the attacker can send a start command that will have every machine in the botnet sending a flood of requests to the intended target. If the attack makes it past defenses, it can quickly overpower most systems causing service outages and possibly crashing servers.

Many attackers that have created botnets offer their services for a price on online and darknet marketplaces, giving potentially anyone the capability of launching a DDoS attack.

Types of DDoS Attacks

DDoS attacks come in many forms, depending on what an attacker is trying to do. Three main categories are volume-based attacks, protocol attacks, and application-layer attacks.

Volume-Based Attack

This type of attack attempts to use all the available bandwidth between the target and the internet. One way this is done is through amplification, which involves flooding a DNS server with a spoofed IP address (the IP address of the target), which triggers much larger DNS responses to the target. SNMP and NTP protocols are also used in volume-based attacks. Eventually, the responses the target is receiving will clog the network and block incoming traffic.

Protocol Attack

Protocol attacks disrupt a service by exhausting the resources of network equipment like load balancers and firewalls. These attacks target the network and data link layers of the protocol stack. One type of protocol attack is called a SYN flood. This type of attack uses the TCP handshake to flood a network. The botnet sends the target a massive amount of TCP initial connection request SYN packets using spoofed IP addresses. The target machine's resources get exhausted, waiting for the final step of all these requests that will never happen.

Application Layer Attack

This type of DDoS attack targets applications running on your network, specifically web applications that respond to HTTP requests. HTTP requests are lightweight for a client but can require a lot of resources from the server to generate the response. One request can involve code execution, multiple image requests, and database queries. A botnet using an application layer attack can bring down a server by simply hitting the same web page from each of its nodes at the same time.

Symptoms of a DDoS Attack

A symptom of a DDoS attack is a site or service that obviously and suddenly has become slow or unresponsive, but not every slow site is being attacked. Traffic spikes and legitimate server issues can cause the same type of unresponsiveness.

To determine if you are under a DDoS attack, you will have to investigate further with traffic analysis tools to determine what type of traffic you are getting, where it is coming from, and where it is going. Some signs of a DDoS attack include:

  • Abnormal amounts of traffic coming from a single IP address or range of addresses
  • Odd spikes in traffic that happen at strange times of the day, for a limited amount of time, or that follow a pattern
  • A sudden flood of traffic to a single webpage or service
  • A flood of traffic from users that have a similar profile, like geolocation, browser version, or device type

Preventing DDoS Attacks

Protecting a network against a DDoS attack is not the most simple task. It is not like malware or viruses that you can remove from the infected systems. DDoS attacks come from outside a network and can seem like regular traffic until you look into the details. It's important to act quickly once a DDoS attack is detected because these types of attacks can bring down a website or service in minutes.

Secure Your Router

Your router is the gateway in and out of your network. If the bots in a botnet can't make it through the router, they can't affect any services on it. It is your first line of defense and should be configured to filter traffic by priority and block any threatening data or traffic.

Secure IoT Devices

Many people who secure their laptops and their phones don't think twice about leaving the default password on their IoT devices. Many IoT devices run full Linux operating systems that can be and have been targeted with malware that will make them a bot in a botnet. They are a favorite target because of this. Securing your IoT devices with a strong password will prevent them from becoming another bot in a botnet.

Use Machine Learning

Detecting a DDoS attack involves traffic analysis. It is possible to do this manually, but machine learning technology can detect malicious traffic quickly. Traffic can be analyzed in real-time for known DDoS patterns and anomalies, and any suspicious traffic can be blocked before it has a chance to slow down a service or website.

Conclusion

A distributed denial of service or DDoS attack is an attempt to block access to a website or service by flooding it with requests to overload the system. Attackers accomplish this by infecting an army of machines with malware that they can use to target any site or service they choose. Troubleshooting and preventing DDoS attacks is not straightforward and involves analyzing traffic for anomalies, but with the right tools, DDoS attacks can be marginalized or prevented.

back to glossary

Distributed Denial of Service (DDoS) Attack

blog posts

Illumio Products

See What’s New at Illumio: Better Security, Visibility, and Efficiency

Discover the latest Illumio platform updates designed to simplify security, improve visibility, and help teams stop breaches faster across hybrid and multi-cloud environments.
read now
Zero Trust Segmentation

3 Takeaways from the 2025 Gartner® Market Guide for Network Security Microsegmentation

Explore key microsegmentation market trends, emerging capabilities, and how Illumio is helping organizations contain breaches and simplify segmentation.
read now
Partners & Integrations

Bring Segmentation to Your SOC with the Illumio + Microsoft Sentinel Integration

Discover how the Illumio and Microsoft Sentinel integration gives SOC teams real-time visibility, automated threat response, and centralized control to reduce risk and accelerate investigations in hybrid environments.
read now

Distributed Denial of Service (DDoS) Attack

briefs

Brief

Illumio + NVIDIA Deliver Zero Trust for OT Environments

Learn how Illumio and NVIDIA help you achieve microsegmentation in critical OT environments without forcing changes to your OT devices.

read now
Brief

Accelerating Zero Trust with Proactive Threat Prevention, Visibility, and Microsegmentation

Learn how the Check Point and Illumio integration helps stop lateral movement and strengthen Zero Trust security across hybrid cloud environments.

read now
Brief

Illumio Segmentation

Control lateral movement to stop breaches and ransomware attacks from becoming cyber disasters.

read now

Distributed Denial of Service (DDoS) Attack

demos

Demo

Illumio Segmentation Demo

Illumio Segmentation provides real-time visibility and microsegmentation to contain breaches.

read now

Distributed Denial of Service (DDoS) Attack

guides

Guide

Microsegmentation Myths Debunked

Learn what's true about microsegmentation, what's not, and why it matters for your cybersecurity strategy.

read now
Guide

6 Steps to Implementing a Zero Trust Model

Learn key best practices to building stronger Zero Trust security to protect against ransomware and other cyberattacks.

read now

Distributed Denial of Service (DDoS) Attack

infographics

No items found.

Distributed Denial of Service (DDoS) Attack

reports

Report

2025 Gartner® Market Guide for Network Security Microsegmentation

Get expert insights from Gartner on the network security microsegmentation market and its recognized Representative Vendors, including Illumio Segmentation.

read now
Report

Illumio: A Leader in Microsegmentation

Download your copy of The Forrester Wave for Microsegmentation Solutions.

read now
Report

"The Time for Microsegmentation Is Now" Webinar Q&A

Forrester Sr. Analyst David Holmes offers valuable perspectives on the importance of microsegmentation and more.

read now

Distributed Denial of Service (DDoS) Attack

webinars

webinar

How Zero Trust Segmentation Reduces Zero-Day Vulnerabilities and Protects Assets

Join Kyndryl and Illumio for an exclusive session tailored for security and IT leaders in financial services. Cxplore how Kyndryl and Illumio can help you build a resilient Zero Trust architecture.

learn more
webinar

Inside the Forrester Wave for Microsegmentation Solutions

Join Scott Smith, analyst relations director at Illumio, as he interviews John Kindervag, Illumio’s chief evangelist and the visionary behind zero trust. Discover why microsegmentation is essential for modern networks and what Illumio's top placement in the Forrester Wave means for the future of cybersecurity.

learn more
webinar

From Vulnerable to Invincible: Reinforcing Your Network with Micro-Segmentation

Attend this webinar to discover how implementing microsegmentation with Stratejm Security-as-a-Service powered by Illumio can transform your security posture.

learn more

Distributed Denial of Service (DDoS) Attack

videos

Video

The Efficacy of Microsegmentation: Insights From Bishop Fox

Rob Ragan of Bishop Fox discusses the red team specialist's test on the efficacy of microsegmentation to prevent lateral movement attacks.

read now
Video

5 Best Practices for Microsegmentation in Your Cisco Data Center

Reduce complexity and enable effective microsegmentation in your Cisco data center environment.

read now

Distributed Denial of Service (DDoS) Attack

blog posts

No items found.

Distributed Denial of Service (DDoS) Attack

briefs

No items found.

Distributed Denial of Service (DDoS) Attack

demos

No items found.

Distributed Denial of Service (DDoS) Attack

reports

No items found.

Distributed Denial of Service (DDoS) Attack

webinars

No items found.

Distributed Denial of Service (DDoS) Attack

videos

No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more