A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a web server with fake internet traffic, with the objective of forcing it offline.
DDoS attacks are executed by compromised devices networked together to create a botnet. Any device can become a bot if it’s infected with specific malware, usually Mirai malware.
Examples of devices that could be turned into bots include computers, mobile devices, and Internet of Things (IoT) devices.
![botnet](https://cdn.prod.website-files.com/5efc3ccdb72aaa7480ec8179/6131d053c7eac038f179c5d6_Figure%200.jpeg)
Each bot diverts only a small amount of traffic from its infected device to avoid detection. Because the bots are networked together, their combined traffic increases the intensity of the attack. This is why DDoS attacks require large-scale botnets.
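What this means for a defender, as an added example that is not part of the original article: a per-source rate limit catches one noisy client but misses a flood in which every source stays small, so the aggregate rate has to be checked as well. The log records, the IP addresses and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 20   # assumed: max requests/second allowed per source IP
AGGREGATE_LIMIT = 500   # assumed: requests/second the server can absorb

def build_sample_log():
    """Constructed sample data: (epoch_second, source_ip) request records."""
    events = []
    for c in range(30):                       # second 0: ordinary traffic
        events += [(0, f"198.51.100.{c}")] * 2
    events += [(1, "198.51.100.200")] * 50    # second 1: one noisy client
    for b in range(400):                      # second 2: 400 sources, 3 requests each
        events += [(2, f"10.{b // 250}.{b % 250}.7")] * 3
    return events

def analyze(events, per_source_limit=PER_SOURCE_LIMIT, aggregate_limit=AGGREGATE_LIMIT):
    """Classify each one-second window using per-source and aggregate rates."""
    windows = defaultdict(Counter)
    for second, ip in events:
        windows[second][ip] += 1
    findings = {}
    for second in sorted(windows):
        counts = windows[second]
        total = sum(counts.values())
        # Sources a classic per-IP rate limiter would block.
        loud = sorted(ip for ip, n in counts.items() if n > per_source_limit)
        # Load that remains after every over-limit source is blocked.
        residual = total - sum(counts[ip] for ip in loud)
        if residual > aggregate_limit:
            verdict = "distributed-flood"     # many quiet sources, overload persists
        elif loud:
            verdict = "noisy-source"          # per-source limiting is sufficient
        else:
            verdict = "normal"
        findings[second] = {
            "total": total, "sources": len(counts),
            "max_per_source": max(counts.values()),
            "over_limit": loud, "residual": residual, "verdict": verdict,
        }
    return findings

if __name__ == "__main__":
    for second, f in analyze(build_sample_log()).items():
        print(second, f)
```

In the third window no source exceeds the per-source limit, yet the total is more than twice the assumed capacity, which is the case per-IP limiting alone cannot see.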
How Do Botnets Work?
Botnets receive two different sets of instructions:
- How to locate and infect other devices
- DDoS attack details
The method of delivery of these instructions depends on how the bots are networked together.
There are two different arrangements: the client-server model and the P2P model.
Client-Server Model
This is the most common botnet arrangement. Each infected device is orchestrated from a single point of origin known as the Command and Control server (C&C server). This is where all DDoS instructions are issued from.
![client server model](https://cdn.prod.website-files.com/5efc3ccdb72aaa7480ec8179/6131d0bda68df7819f9260d4_Figure%203.png)
P2P Model
In a P2P model, each bot receives its instructions from other infected bots on the network. Because there isn’t a single source issuing commands, this type of botnet is more difficult to take down.
![p2p botnet model](https://cdn.prod.website-files.com/5efc3ccdb72aaa7480ec8179/6131d0e8dc1635a968e9ad3f_Figure%204.png)
Examples of Famous DDoS Attacks
Five examples of famous DDoS attacks include:
1. The Google DDoS Attack (2017)
2. KrebsOnSecurity DDoS Attack (2016)
3. GitHub DDoS Attack (2018)
4. PopVote DDoS Attack (2014)
5. Cloudflare DDoS Attack (2014)