A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a web server with fake internet traffic with the objective of forcing it offline.
DDoS attacks are executed by compromised devices that are networked together to form a botnet. Any device can become a bot if it’s infected with specific malware, usually Mirai malware.
Examples of devices that could be turned into bots include computers, mobile devices, and Internet of Things (IoT) devices.
Each bot diverts only a small amount of traffic from its infected device to avoid detection. As more bots are networked together, the intensity of the attack increases. This is why DDoS attacks require large-scale botnets.
How Do Botnets Work?
Botnets receive two different sets of instructions:
- How to locate and infect other devices
- DDoS attack details
The method of delivery of these instructions depends on how the bots are networked together.
There are two different arrangements - the client-server model and the P2P model.
Client-Server Model
This is the most common botnet arrangement. Each infected device is orchestrated from a single point of origin known as the Command and Control server (C&C server). This is where all DDoS instructions are issued from.
P2P Model
In a P2P model, each bot receives its instructions from other infected bots on the network. Because there isn’t a single source issuing commands, this type of botnet is more difficult to take down.
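The takedown difference between the two arrangements can be checked on a toy graph. The following is an added example, not part of the original page: the node names (`c2`, `bot0` to `bot7`), the eight-bot size and the ring-with-chords P2P layout are assumptions chosen for illustration.

```python
from collections import deque

def build_adjacency(links):
    """Turn (a, b) link pairs into an undirected adjacency map."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def bots_reached(adj, entry, removed):
    """Bots that still receive an instruction injected at `entry` (BFS)."""
    if entry in removed:
        return set()
    seen, queue = {entry}, deque([entry])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {n for n in seen if n.startswith("bot")}

def surviving(adj, entry_points, removed):
    """Largest number of bots any surviving entry point can still instruct."""
    return max((len(bots_reached(adj, e, removed)) for e in entry_points), default=0)

def worst_single_takedown(links, entry_points):
    """(bots still instructable, node removed) for the most damaging single takedown."""
    adj = build_adjacency(links)
    return min((surviving(adj, entry_points, {n}), n) for n in sorted(adj))

# Constructed topologies (assumed sizes and names, for illustration only).
N = 8
BOTS = [f"bot{i}" for i in range(N)]
# Client-server: every bot talks only to the single C&C server.
CLIENT_SERVER = [("c2", b) for b in BOTS]
# P2P: each bot relays instructions to its next two neighbours on a ring.
P2P = [(BOTS[i], BOTS[(i + k) % N]) for i in range(N) for k in (1, 2)]

if __name__ == "__main__":
    # In client-server, instructions enter only at the C&C server.
    print("client-server:", worst_single_takedown(CLIENT_SERVER, ["c2"]))
    # In P2P, instructions can enter at any surviving bot.
    print("p2p:          ", worst_single_takedown(P2P, BOTS))
```

In this model, removing the C&C server leaves no bot able to receive instructions, while removing any single node from the P2P network leaves the remaining seven bots connected.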
Examples of Famous DDoS attacks
Five examples of famous DDoS attacks include:
1. The Google DDoS Attack (2017)
2. KrebsOnSecurity DDoS Attack (2016)
3. GitHub DDoS Attack (2018)
4. PopVote DDoS Attack (2014)
5. Cloudflare DDoS Attack (2014)