DDoS (Distributed Denial of Service)
What it is
A DDoS attack is a traffic jam on purpose. Thousands of compromised devices (a botnet) or misused third-party services flood your site, app, or API with requests so real users can't get through. Outages can last minutes, or much longer if you have no plan.
How it works
- Network floods: overwhelm your bandwidth with raw volume (UDP/TCP floods).
- Protocol tricks: exhaust connection state on servers, firewalls, and load balancers (SYN, ACK, ICMP floods).
- Application hits: target URLs/APIs that are expensive for you to serve, such as search or login (HTTP GET/POST floods).
- Amplification: abuse open services (DNS/NTP/memcached) that answer a small spoofed request with a much larger reply, multiplying the attacker's traffic.
Signs you’ll see
- Site/API is slow or unreachable; timeouts and 5xx errors climb.
- Traffic spikes from a few regions, or from thousands of unfamiliar IPs that each send only a request or two.
- Overall infrastructure looks healthy, but one URL or endpoint is pegged at 100% CPU or connections.
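The signs above are easy to check mechanically against a web server access log. The following is an added example (not code from the original page): it parses Common Log Format lines, groups them per second, and flags the four signs listed above. The log lines are constructed for the example, and the thresholds (baseline requests per second, share of single-hit sources, share of one path, error rate) are illustrative assumptions that you would tune to your own baseline.

```python
import re
from collections import Counter

# Common Log Format: ip ident user [time] "method path proto" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample traffic, not a real capture: a handful of normal requests
# in one second, then a burst in the next second from many distinct sources,
# all aimed at one expensive search endpoint and failing with 503 at the origin.
NORMAL = [
    f'198.51.100.{i} - - [10/Oct/2024:13:55:36 +0000] "GET {p} HTTP/1.1" 200 1024'
    for i, p in ((1, "/"), (2, "/about"), (1, "/static/app.js"), (3, "/api/items"), (2, "/"))
]
BURST = [
    f'203.0.113.{i} - - [10/Oct/2024:13:55:37 +0000] "GET /api/search?q={i} HTTP/1.1" 503 0'
    for i in range(1, 61)
]
SAMPLE_LOG = "\n".join(NORMAL + BURST)


def parse(log_text):
    """Parse CLF lines into dicts, skipping lines that do not match."""
    records = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def per_second(records):
    """Group records by timestamp (CLF timestamps have one-second granularity)."""
    buckets = {}
    for rec in records:
        buckets.setdefault(rec["ts"], []).append(rec)
    return buckets


def analyze_second(records, baseline_rps=10, single_hit_ratio=0.8,
                   path_share=0.7, error_rate=0.5):
    """Return the DDoS signs present in one second of traffic.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    n = len(records)
    ips = Counter(r["ip"] for r in records)
    paths = Counter(r["path"].split("?", 1)[0] for r in records)  # drop query string
    top_path, top_path_hits = paths.most_common(1)[0]
    single_hit = sum(1 for c in ips.values() if c == 1) / len(ips)
    errors = sum(1 for r in records if r["status"] >= 500) / n

    flags = []
    if n > baseline_rps * 5:                                  # rate far above normal
        flags.append("rps_spike")
    if len(ips) >= 20 and single_hit >= single_hit_ratio:     # many sources, one hit each
        flags.append("many_new_sources")
    if top_path_hits / n >= path_share:                       # one endpoint absorbs the load
        flags.append(f"hot_path:{top_path}")
    if errors >= error_rate:                                  # origin is falling over
        flags.append("origin_errors")
    return flags


def find_attack_seconds(log_text, **thresholds):
    """Map each second that shows at least one sign to the list of signs found."""
    result = {}
    for ts, recs in per_second(parse(log_text)).items():
        flags = analyze_second(recs, **thresholds)
        if flags:
            result[ts] = flags
    return result


if __name__ == "__main__":
    for ts, flags in find_attack_seconds(SAMPLE_LOG).items():
        print(ts, flags)
```

On the constructed sample the quiet second produces no flags, while the burst second trips all four: the request rate, the 60 single-hit sources, the concentration on /api/search, and the 503 rate. In production you would run this over a sliding window rather than whole seconds and feed the hot path straight into your rate-limit rules.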
Defend smart (before it happens)
- Put a DDoS-capable CDN/WAF in front of everything public, so the flood hits the provider's edge capacity rather than yours.
- Turn on rate limiting, challenge pages, and bot filtering, with tighter limits on expensive endpoints.
- Lock down amplifiers you control (no open DNS resolvers, NTP, or memcached exposed to the internet); prefer anycast edge protection so traffic is absorbed close to its source.
- Create an emergency profile you can switch on quickly: cached pages, maintenance mode, and API allowlists.
If you’re under attack
- Activate DDoS mode on the CDN/WAF; raise challenges and tighten rate limits for the hot paths.
- Block or shape traffic by ASN, geography, or request signature; throttle or drop obviously bad traffic.
- Protect the origin: accept traffic only from the CDN's IP ranges, so attackers cannot bypass the edge by hitting the origin directly, and raise autoscale limits temporarily.
- Communicate: a status page and brief updates reduce support load.
- Capture evidence: traffic samples and logs help tune long-term rules.
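Three of the controls above (rate limiting with challenges from the preparation list, and the DDoS-mode escalation and origin allowlist from the response list) fit in one small model. The following is an added example, not code from the original page or from any CDN product: a per-client token bucket with a stricter bucket for assumed hot paths (/api/search and /login), a policy that throttles in normal mode but challenges and then temporarily blocks in DDoS mode, and an origin-side allowlist check. The CDN ranges are hypothetical documentation prefixes, the limits are illustrative, and the replayed requests are constructed; a fake clock keeps the run deterministic.

```python
import ipaddress
import time

# Hypothetical CDN egress ranges (documentation prefixes, not any provider's real list).
CDN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def origin_allows(client_ip, ranges=CDN_RANGES):
    """Origin-side allowlist: accept only connections that arrive via the CDN/WAF edge."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ranges)


class TokenBucket:
    """Per-key token bucket: refills `rate` tokens per second up to `burst`."""

    def __init__(self, rate, burst, now=time.monotonic):
        self.rate, self.burst, self.now = rate, burst, now
        self.state = {}  # key -> (tokens, last refill time)

    def allow(self, key):
        t = self.now()
        tokens, last = self.state.get(key, (self.burst, t))
        tokens = min(self.burst, tokens + (t - last) * self.rate)
        if tokens >= 1:
            self.state[key] = (tokens - 1, t)
            return True
        self.state[key] = (tokens, t)
        return False


class EdgePolicy:
    """Edge decision per request: allow, throttle, challenge, or block.

    Hot paths (assumed: /api/search and /login) get a much smaller bucket. In
    normal mode an over-limit client is throttled (HTTP 429); in DDoS mode it
    is challenged instead and, after `block_after` strikes, blocked for
    `block_seconds`.
    """

    def __init__(self, now=time.monotonic, ddos_mode=False,
                 block_after=3, block_seconds=300):
        self.now, self.ddos_mode = now, ddos_mode
        self.block_after, self.block_seconds = block_after, block_seconds
        self.default = TokenBucket(rate=10, burst=20, now=now)
        self.hot = TokenBucket(rate=1, burst=3, now=now)
        self.hot_paths = ("/api/search", "/login")
        self.strikes = {}   # client -> over-limit count
        self.blocked = {}   # client -> block expiry time

    def decide(self, client_ip, path):
        if self.blocked.get(client_ip, 0) > self.now():
            return "block"
        bucket = self.hot if path.startswith(self.hot_paths) else self.default
        if bucket.allow(client_ip):
            return "allow"
        if not self.ddos_mode:
            return "throttle"
        strikes = self.strikes[client_ip] = self.strikes.get(client_ip, 0) + 1
        if strikes >= self.block_after:
            self.blocked[client_ip] = self.now() + self.block_seconds
            return "block"
        return "challenge"


def simulate(requests, ddos_mode):
    """Replay (time, client_ip, path) tuples through a policy driven by a fake clock."""
    clock = [0.0]
    policy = EdgePolicy(now=lambda: clock[0], ddos_mode=ddos_mode)
    decisions = []
    for t, ip, path in requests:
        clock[0] = t
        decisions.append(policy.decide(ip, path))
    return decisions


# Constructed traffic, not a real capture: one client hammers the search endpoint
# six times in half a second while a normal user loads the home page.
ATTACKER, USER = "203.0.113.7", "198.51.100.5"
REQUESTS = [
    (0.0, ATTACKER, "/api/search?q=a"),
    (0.1, ATTACKER, "/api/search?q=b"),
    (0.2, ATTACKER, "/api/search?q=c"),
    (0.3, USER, "/"),
    (0.3, ATTACKER, "/api/search?q=d"),
    (0.4, ATTACKER, "/api/search?q=e"),
    (0.5, ATTACKER, "/api/search?q=f"),
    (0.6, ATTACKER, "/"),
]

if __name__ == "__main__":
    print("normal:", simulate(REQUESTS, ddos_mode=False))
    print("ddos:  ", simulate(REQUESTS, ddos_mode=True))
    print("origin accepts 192.0.2.9:", origin_allows("192.0.2.9"))
```

Two details are worth noticing in the replay. In normal mode the attacker is only throttled on the hot path and still gets a fresh bucket for "/", because the limit is per path class; in DDoS mode the third strike converts into a block that applies to every path. And the origin allowlist is checked on the origin, not the edge: without it, anyone who learns the origin address can send the flood around the CDN.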