Proteggiamo il tuo ambiente digitale da qualsiasi attacco informatico. Sfrutta tutte le potenzialità della piattaforma SGBox!



Via Melchiorre Gioia, 168 - 20125 Milano

+39 02 60830172

Cyber News Knowledge Base

DDoS Attack: what is and how it works

What is DDoS Attack?

What is a Distributed Denial of Service (DDoS) Attack?

A Distributed Denial of Service (DDoS) attack is a type of cyberattack aimed at making an online service unavailable. This is achieved by overwhelming network services with a massive amount of malicious traffic from multiple sources.

In other words, a DDoS attack aims to disrupt the functioning of a website, server, or network by sending an excessive volume of requests, saturating the available resources.

How a DDoS Attack Works

A DDoS attack exploits a network of compromised devices, known as a botnet, to generate illegitimate traffic towards the target.

These devices can be computers, smartphones, or even IoT (Internet of Things) devices infected with malware that makes them remotely controllable.

Once the attacker controls the botnet, they can command it to send a massive number of simultaneous requests to the target, overloading it and causing the suspension or slowing down of the offered services.

Types of DDoS Attacks

DDoS attacks can be classified into different categories based on the method used to overload the target system:

Volume-Based Attacks

These attacks aim to saturate the network bandwidth with a high volume of traffic. Volume-based attacks include methods like UDP (User Datagram Protocol) flooding and ICMP (Internet Control Message Protocol) flooding.

  • UDP Flooding: This type of volume-based DDoS attack involves sending large amounts of traffic with spoofed IP addresses to a targeted system.
  • ICMP Flooding: Attackers overload the bandwidth of a targeted IP address or network router. When the device attempts to respond, all resources (memory, processing power, interface speed) are exhausted, preventing it from handling legitimate user requests.

Protocol Attacks

These attacks exploit vulnerabilities in communication protocols to exhaust server resources. Examples include SYN flood attacks, where the attacker sends SYN connection requests without completing the TCP handshake process, leaving system resources tied up.

Application Layer Attacks

These attacks target web applications and are designed to exhaust server resources at the application layer. A common example is an HTTP flood attack, where the attacker sends a large number of legitimate but overwhelming HTTP requests.

Objectives of DDoS Attacks

DDoS attacks can have various objectives, including:

  • Service Disruption: The primary goal of a DDoS attack is to disrupt the availability of a service, making it inaccessible to legitimate users. This can cause significant financial losses, especially for businesses that operate primarily online.
  • Extortion and Ransom: Some DDoS attacks are motivated by the desire to extort money. Attackers may demand a ransom from the victims in exchange for stopping the attack.
  • Unfair Competition: In some cases, DDoS attacks are used by competitors to damage the reputation or operations of a rival company.
  • Revenge or Activism: Other DDoS attacks may be motivated by personal vendettas or activism, where attackers aim to promote a political or social cause.

Detecting and Responding to a DDoS Attack


Detecting a DDoS attack is not always straightforward, but some signs can include:

  • Sudden slowdown of online services
  • Anomalous increase in network traffic
  • Unavailability of a service without an apparent reason


To respond to a DDoS attack, companies can adopt various strategies:

  • Traffic Filtering: Implement filters to block malicious traffic before it reaches the servers.
  • CDN (Content Delivery Network): Distribute traffic across multiple servers, reducing the impact of the attack.
  • DDoS Mitigation Solutions: Provided by specialized vendors, these solutions monitor and manage traffic to prevent service interruptions.

Distributed Denial of Service vs. Denial of Service

It is important to distinguish between a Distributed Denial of Service (DDoS) and a Denial of Service (DoS). While both aim to make a service unavailable, there are significant differences:

Denial of Service (DoS)

A DoS attack is generally carried out by a single machine or source, aiming to overload the target system with malicious requests or data. DoS attacks are less sophisticated and easier to mitigate compared to DDoS.

Distributed Denial of Service (DDoS)

DDoS attacks, on the other hand, use multiple distributed sources, making them harder to block and manage. Since the traffic comes from various locations, it is more challenging to distinguish between legitimate and malicious traffic.

Protect Yourself from DDoS with SGBox

The SGBox Platform protects your organization from DDoS attacks through the synergistic combination of advanced SIEM (Security Information & Event Management) and SOAR (Security Orchestration, Automation & Response) functionalities.

Its ability to collect, analyze, and manage security information allows you to promptly detect potential threats and activate countermeasures to minimize damage.

Discover the Platform>>

Leave a comment

Your email address will not be published. Required fields are marked *