What is a DDoS Attack? How do you defend against it?
What is DDoS?
DDoS (Distributed Denial of Service) is an attack in which the attacker uses a large number of compromised machines (a botnet) to flood a target server with traffic at the same time, exhausting its bandwidth, connection table, or CPU so that it can no longer respond to legitimate users.
DDoS vs DoS
| | DoS | DDoS |
|---|---|---|
| Source | Single origin | Distributed, many sources |
| Scale | Smaller | Massive |
| Defense | Easier (block the IP) | Hard (source IPs are spread out) |
Common DDoS Attack Types
1. Volume-Based Attacks
Flood the network bandwidth with packets — e.g., UDP Flood, ICMP Flood.
2. Protocol Attacks
Exploit protocol weaknesses to exhaust server resources — e.g., SYN Flood, where the attacker sends many SYN packets but never completes the TCP three-way handshake, leaving half-open connections that fill the server's connection table.
3. Application Layer Attacks
Send requests that look like normal HTTP traffic to overload the application — e.g., HTTP Flood. These are the hardest to detect because each individual request is valid.
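To make the SYN Flood description concrete from the defender's side, here is an added example (not part of the original page) that inspects a constructed snapshot of a server's connection table and flags source addresses holding an abnormal number of half-open (SYN_RECV) connections. The record format and the threshold are assumptions for the illustration.

```python
from collections import Counter

# Constructed connection-table snapshot: (tcp_state, source_ip).
# A healthy client has a few ESTABLISHED sessions; a SYN flood source
# leaves many connections stuck in SYN_RECV (handshake never completed).
SAMPLE_CONNECTIONS = (
    [("ESTABLISHED", "203.0.113.5")] * 3
    + [("ESTABLISHED", "203.0.113.9")] * 2
    + [("SYN_RECV", "203.0.113.9")] * 1        # one stray half-open, normal
    + [("SYN_RECV", "198.51.100.7")] * 40      # flood source (constructed)
    + [("SYN_RECV", "198.51.100.8")] * 25      # second flood source (constructed)
)


def half_open_by_source(connections):
    """Count SYN_RECV entries per source IP."""
    return Counter(src for state, src in connections if state == "SYN_RECV")


def find_syn_flood_sources(connections, max_half_open=10):
    """Return source IPs whose half-open count exceeds the threshold, worst first.

    The threshold (assumption) should sit well above what a legitimate client
    with a lossy link would ever hold open at once.
    """
    counts = half_open_by_source(connections)
    flagged = [(src, n) for src, n in counts.items() if n > max_half_open]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def half_open_ratio(connections):
    """Fraction of all tracked connections that are half-open.

    A table-wide spike in this ratio is a signal of a SYN flood even when
    the sources are spoofed and no single IP stands out.
    """
    if not connections:
        return 0.0
    half_open = sum(1 for state, _ in connections if state == "SYN_RECV")
    return half_open / len(connections)


if __name__ == "__main__":
    for src, n in find_syn_flood_sources(SAMPLE_CONNECTIONS):
        print(f"{src}: {n} half-open connections")
    print(f"table-wide half-open ratio: {half_open_ratio(SAMPLE_CONNECTIONS):.2f}")
```

In practice this kind of check feeds a firewall rule or rate-limit decision; the usual protocol-level mitigation for the spoofed-source case is SYN cookies, which let the server avoid allocating state until the handshake completes.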
Defense Strategies
Frontend / Architecture
- CDN: Services like Cloudflare absorb and filter malicious traffic
- Load Balancer: Distribute traffic across multiple servers
- Rate Limiting: Restrict the number of requests a single IP may make within a time window, rejecting or slowing the excess
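The rate-limiting bullet above describes the idea; the following added example (not code from the original page) implements a per-IP sliding-window limiter and replays it over a constructed request log, so you can see which requests a flooding client gets through before being cut off and how a legitimate client's quota recovers once old requests age out of the window. The log format, IPs, limit and window size are all assumptions chosen for the illustration.

```python
from collections import deque

# Constructed request log: (timestamp_seconds, client_ip, request_line).
# 198.51.100.7 fires 12 requests in under 3 seconds (flood-like);
# 203.0.113.5 makes 6 quick requests, then one more 11 seconds after its first.
SAMPLE_LOG = sorted(
    [(0.25 * i, "198.51.100.7", "GET /login") for i in range(12)]
    + [(float(t), "203.0.113.5", "GET /") for t in (0, 1, 2, 3, 4, 5, 11)]
)


class SlidingWindowRateLimiter:
    """Allow at most `limit` requests per client within any `window` seconds."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = {}  # client_ip -> deque of recent request timestamps

    def allow(self, client_ip, now):
        q = self.hits.setdefault(client_ip, deque())
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # quota for this window is used up
        q.append(now)
        return True


def replay(log, limit=5, window_seconds=10):
    """Run the limiter over a log and tally allowed/rejected counts per IP."""
    limiter = SlidingWindowRateLimiter(limit, window_seconds)
    tally = {}
    for ts, ip, _request in log:
        outcome = "allowed" if limiter.allow(ip, ts) else "rejected"
        tally.setdefault(ip, {"allowed": 0, "rejected": 0})[outcome] += 1
    return tally


if __name__ == "__main__":
    for ip, counts in replay(SAMPLE_LOG).items():
        print(f"{ip}: allowed={counts['allowed']} rejected={counts['rejected']}")
```

With a limit of 5 requests per 10 seconds, the flooding client gets its first 5 requests through and the remaining 7 are rejected, while the legitimate client's sixth request at t=5 is rejected but its request at t=11 is allowed again because its earliest timestamps have expired. A production deployment keeps this state in a shared store (or at the CDN/load balancer) so that the limit holds across all backend instances.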
Backend / Network
- Firewall rules: Block suspicious IPs or abnormal traffic patterns
- IP blocklists / reputation databases: Automatically block known malicious IPs
- CAPTCHA: Add human verification for login or sensitive actions
- Anycast network: Spread traffic across multiple geographic nodes
Service Layer
- DDoS protection services: AWS Shield, Cloudflare DDoS Protection, Akamai, etc.
- Auto Scaling: Automatically expand server capacity when traffic spikes
Summary
DDoS cannot be completely prevented, but combining a CDN, rate limiting, and a dedicated protection service can significantly reduce its impact.