DDoS Attacks Explained
By A. Northam • Published: 2 March 2026 • Updated: 23 April 2026
A Distributed Denial of Service (DDoS) attack attempts to make an online service unavailable by overwhelming it with traffic or requests from many sources at once.
Unlike attacks that focus on stealing data, DDoS attacks primarily target availability.
DDoS attack flow (diagram)
What “denial of service” means
A service is “denied” when legitimate users cannot access it reliably. This can happen when:
- systems are overloaded,
- network capacity is saturated, or
- application resources are exhausted.
This maps directly to the CIA Triad, where availability is a core protection objective.
Why DDoS attacks happen
Common motivations include:
- Extortion: demanding payment to stop disruption
- Disruption: targeting competitors or public services
- Distraction: creating noise while other activity occurs elsewhere
- Ideological motives: protest or sabotage campaigns
Common categories of DDoS attacks
1) Volumetric attacks
These aim to saturate bandwidth or upstream capacity using extremely high traffic volume.
2) Protocol-based attacks
These exploit network or transport-layer behaviors to exhaust infrastructure resources.
3) Application-layer attacks
These overwhelm the application itself by sending large numbers of expensive requests.
Note: This page focuses on outcomes and defensive principles, not attack execution.
Business impact
Even short disruptions can create cascading effects:
- Lost revenue and failed transactions
- Loss of customer trust and reputational damage
- Operational disruption and increased support load
- SLA penalties and contractual consequences
How DDoS defense works
Effective DDoS defense is typically layered:
- Capacity and redundancy: avoiding single choke points
- Traffic filtering: blocking malicious patterns
- Rate limiting: reducing abusive request volumes
- Monitoring and detection: identifying abnormal traffic quickly
- Response playbooks: clear procedures when disruption occurs
These map cleanly to broader security control categories:
- Preventive: filtering and rate controls
- Detective: monitoring and alerting
- Corrective: incident response and recovery steps
See: Security Controls Taxonomy and Defense in Depth Explained.
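The following is an added example, not part of the original article, showing two of the layers above side by side: a per-client token bucket as the preventive control and a sliding-window count of all requests as the detective control. The function names, thresholds and traffic are assumptions constructed for illustration.

```python
from collections import Counter, deque

class TokenBucket:
    """Preventive control: per-client limit of `rate` req/s with a `burst` allowance."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last_ms = float(burst), None

    def allow(self, now_ms):
        if self.last_ms is not None:  # refill for the time elapsed since the last request
            refill = (now_ms - self.last_ms) / 1000.0 * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def process(events, rate=2.0, burst=5, window_ms=1000, alert_over=20):
    """events: (timestamp_ms, client) pairs sorted by time.
    Returns (allowed, rejected_per_client, alert_start_times)."""
    buckets, rejected = {}, Counter()
    recent, alerts, allowed, alerting = deque(), [], 0, False
    for ts, client in events:
        # Detective control: total requests from all clients in a sliding window.
        recent.append(ts)
        while recent[0] <= ts - window_ms:
            recent.popleft()
        over = len(recent) > alert_over
        if over and not alerting:
            alerts.append(ts)  # record only the moment the threshold is first crossed
        alerting = over
        # Preventive control: each client spends from its own bucket.
        if client not in buckets:
            buckets[client] = TokenBucket(rate, burst)
        if buckets[client].allow(ts):
            allowed += 1
        else:
            rejected[client] += 1
    return allowed, dict(rejected), alerts

def sample_events():
    """Constructed traffic (documentation address ranges), not real logs."""
    ev = [(s * 1000 + c * 100, f"198.51.100.{c + 1}") for s in range(10) for c in range(3)]
    ev += [(5000 + k * 10, "203.0.113.9") for k in range(40)]           # one noisy source
    ev += [(8000 + k * 10, f"203.0.113.{100 + k}") for k in range(60)]  # many quiet sources
    return sorted(ev)

if __name__ == "__main__":
    print(process(sample_events()))
```

On the sample traffic the single noisy source has 35 of its 40 requests rejected, while the 60-source burst passes every per-client limit and appears only as the second aggregate alert.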
DDoS and risk management
DDoS is best treated as a risk scenario where the key question is:
How much downtime can the organization tolerate, and what is the acceptable cost to reduce that risk?
See: Risk Management Explained.
Key takeaway
DDoS attacks are availability attacks. The strongest defenses combine layered controls, monitoring, and operational readiness — not a single product.
This article is provided for educational purposes only and does not constitute legal, compliance, or professional security advice.