What is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a web server with fake internet traffic with the objective of forcing it offline.

DDoS attacks are executed by compromised devices networked together to create a botnet. Any device can become a bot if it’s infected with a specific malware - usually Mirai malware.

Examples of devices that could be turned into bots include computers, mobile devices, and Internet of Things (IoT) devices.

botnet
Botnet executing a DDoS Attack

Bots divert a small amount of traffic from infected devices to avoid detection. As each bot is networked together, the intensity of the attack increases. This is why DDoS attacks require large-scale botnets.

How Do Botnets Work?

Botnets receive two different sets of instructions:

  1. How to locate and infect other devices
  2. DDoS attack details 

The method of delivery of these instructions depends on how the bots are networked together.

There are two different arrangements - the client-server model and the P2P model.

Client-Server Model

This is the most common botnet arrangement. Each infected device is orchestrated from a single point of origin known as the Command and Control server (C&C server). This is where all DDoS instructions are issued from.

client server model
Client-Server botnet model

P2P Model

In a P2P model, each bot receives its instructions from other infected bots on the network. Because there isn’t a single source issuing commands, this type of botnet is more difficult to take down.

p2p botnet model
P2P botnet model

Examples of Famous DDoS attacks

Five examples of famous DDoS attacks include:

1. The Google DDoS Attack (2017)

2. KerbsonSecurity DDoS Attack (2016)

3. GitHub DDoS Attack (2018)

4. PopVote DDoS Attack (2014)

5. Cloudflare DDoS Attack (2014)

Key takeaways

  • Check icon
    Many victims are unaware that their devices have been recruited into a botnet.
  • Check icon
    One of the leading causes of IoT devices becoming infected with botnet malware is the use of default usernames and passwords.
  • Check icon
    A 503 server unavailable message could be evidence of a DDoS attack taking place.
  • Check icon
  • Check icon
Reviewed by
No items found.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.

More from our blog

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating