DDoS Attacks Explained
By A. Northam • Published: 2 March 2026 • Updated: 2 March 2026
A Distributed Denial of Service (DDoS) attack attempts to make an online service unavailable by overwhelming it with traffic or requests from many sources at once.
Unlike many attacks that focus on stealing data, DDoS attacks primarily target availability.
What “denial of service” means
A service is “denied” when legitimate users can’t access it reliably. This can happen when systems are overloaded, upstream network capacity is saturated, or application resources are exhausted.
This maps directly to the CIA Triad, where availability is one of the core protection objectives.
Why DDoS attacks happen
Common motivations include:
- Extortion: attackers demand payment to stop disruption
- Disruption: targeting competitors, organizations, or public services
- Distraction: creating noise while other activity occurs elsewhere
- Ideological motives: protest or sabotage campaigns
Common categories of DDoS attacks (conceptual)
1) Volumetric attacks
These aim to saturate bandwidth or upstream capacity using extremely high traffic volume.
2) Protocol-based attacks
These target network or transport-layer behaviors to exhaust infrastructure resources (such as connection handling).
3) Application-layer attacks
These attempt to overwhelm the application itself by sending large numbers of requests that are expensive for the application to process.
Important note: DDoS discussions often include technical mechanics. This page stays focused on outcomes and defensive principles, not attack execution.
Business impact
Even short disruptions can create cascading effects:
- Lost revenue and failed transactions
- Loss of customer trust and reputational damage
- Operational disruption and increased support load
- SLA penalties and contractual consequences
How DDoS defense works at a high level
Effective DDoS defense is typically layered:
- Capacity and redundancy: avoiding single choke points
- Traffic filtering: blocking malicious traffic patterns
- Rate limiting: limiting abusive request volumes
- Monitoring and detection: identifying abnormal traffic quickly
- Response playbooks: clear procedures when disruption occurs
These map cleanly to the broader security control categories:
- Preventive: filtering and rate controls
- Detective: monitoring and alerting
- Corrective: incident response and recovery steps
See: Security Controls Taxonomy and Defense in Depth Explained.
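To make the rate-limiting and monitoring layers concrete, here is an added example (not part of the original article) of a per-client token bucket that also counts rejections so that persistently abusive sources can be flagged for alerting. The class name, thresholds, and sample traffic are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
from collections import defaultdict

class RateLimiter:
    """Per-client token bucket (preventive) plus a rejection counter (detective)."""

    def __init__(self, rate=5.0, burst=10, alert_after=20):
        # All three thresholds are assumed values for this example; tune to real baselines.
        self.rate = rate                # tokens refilled per second, per client
        self.burst = burst              # bucket capacity (short bursts are tolerated)
        self.alert_after = alert_after  # rejections before a client is flagged
        self.buckets = {}               # client -> [tokens, last_seen_timestamp]
        self.rejected = defaultdict(int)

    def allow(self, client, now):
        bucket = self.buckets.setdefault(client, [float(self.burst), now])
        # Refill for the time elapsed since this client's last request, capped at burst.
        bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] >= 1.0:
            bucket[0] -= 1.0
            return True
        self.rejected[client] += 1
        return False

    def flagged(self):
        """Clients whose rejection count crossed the alert threshold."""
        return sorted(c for c, n in self.rejected.items() if n >= self.alert_after)


def sample_events():
    """Constructed traffic: (timestamp_seconds, client) over a 10-second window."""
    steady = [(i * 0.5, "198.51.100.7") for i in range(20)]    # 2 requests/s
    flood = [(i * 0.01, "203.0.113.9") for i in range(1000)]   # 100 requests/s
    return sorted(steady + flood)


def replay(events, limiter):
    """Feed events through the limiter; return allowed-request counts per client."""
    allowed = defaultdict(int)
    for ts, client in events:
        if limiter.allow(client, ts):
            allowed[client] += 1
    return dict(allowed)


if __name__ == "__main__":
    limiter = RateLimiter()
    print("allowed:", replay(sample_events(), limiter))
    print("flagged for alerting:", limiter.flagged())
```

A per-client limiter like this addresses application-layer request floods from identifiable sources; it does nothing for saturated upstream bandwidth, which is why the capacity and filtering layers sit in front of it.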
DDoS and risk management
DDoS is best treated as a risk scenario where the key question is:
How much downtime can the organization tolerate, and what is the acceptable cost to reduce that risk?
See: Risk Management in Digital Security.
Key takeaway
DDoS attacks are availability attacks. The strongest defenses combine layered controls, monitoring, and operational readiness — not a single product.