# Understanding the Basics of DDoS Attacks

**Source:** [https://www.youtube.com/watch?v=z503nLsfe5s](https://www.youtube.com/watch?v=z503nLsfe5s)

**Duration:** 00:03:51

## Summary

- A DDoS attack floods a target application with excessive traffic, causing severe slowdown, outages, or other abnormal behavior for legitimate users.
- User traffic normally travels smoothly from the internet to the server, but a DDoS overwhelms this “pipe” with malicious traffic, creating congestion that blocks legitimate requests.
- Attackers build or hijack large networks of compromised devices—known as botnets—to generate coordinated traffic from many sources simultaneously.
- The botnet’s controlled computers act like remote robots, sending continuous traffic that overwhelms the target’s connection, preventing regular users from accessing the service.
- If an application exhibits sudden latency, downtime, or odd behavior, it may be under a DDoS attack, prompting viewers to seek further information and ask questions.

## Sections

- [00:00:00](https://www.youtube.com/watch?v=z503nLsfe5s&t=0s) **Basics of DDoS Attacks** - Ryan Sumner explains how a DDoS attack floods a target with malicious traffic, overwhelming its connection and causing slowdowns, outages, or other unexpected disruptions for legitimate users.
- [00:03:09](https://www.youtube.com/watch?v=z503nLsfe5s&t=189s) **Explaining Basic DDoS Congestion** - The speaker describes how a flood of malicious traffic overwhelms network capacity, preventing legitimate users from accessing services and resulting in slowdowns or downtime.

## Full Transcript

Hi, I'm Ryan Sumner.
I'm a Chief Network Architect with IBM Cloud.
Today, I'm gonna give you the basics of a DDoS attack.
A DDoS Attack is an attempt by an attacker
to create so much traffic or congestion
to a target application, or an internet application,
that it impedes the traffic flow of normal visitors.
So, what normal visitors might see, or the owner of the application might see,
as a result of a DDoS attack being impeded upon them,
is they might see a drastic reduction in speed,
they might see a complete outage,
or they'll see some unexplained consequences
that they don't normally see within their day-to-day operations.
So, to demonstrate this a bit more,
I'll show to you how normal traffic flows
from users on the internet to the target server
using its internet connection here.
So, we'll have normal Internet users here.
We'll have the clean traffic that comes through the internet
and traverses through the connection from the internet to the target server.
So, this traffic flows just perfectly fine
with no slowdown or -
there's no constriction on that traffic flow.
So, how does an attacker create so much traffic that it causes
an inability for this clean traffic to flow from the internet to the target server through its connection?
So does the attacker just have that many friends?
Usually not.
And he's not going to pick up the phone and say,
"Jump on your computer, now let's all attack this target server!"
He's done his homework.
And he has access to a collection, or a network of attacked,
or hacked, or compromised computers across the internet.
Sometimes these might be IoT devices, they might be
people's computers, they might be other servers on the internet.
But all of these attacked or compromised computers
are at the control of the attacker and we call that network a "botnet."
The reason it's called a botnet is because now
the attacker can remotely control this network of hacked computers
almost like they're robots.
And the attacker can tell that botnet what to do,
and exactly for how long, and exactly where he wants to do it.
So, the attacker, when they're ready to start the attack,
will call on all of these hacked computers,
or robots within the botnet,
and start to generate traffic from all of these systems over the internet.
Now, what ends up happening
is we create congestion through this pipe that's coming from the internet to the target server.
So, as this congestion is occurring,
and this never stops, they've created so much congestion across it.
And the amount of time that the botnet that is being executed
continues to exceed, and these internet users are continuing to attempt to come in.
However, the pipe is so congested that they can no longer enter the roadway.
So, this is the basics of a DDoS Attack.
So, if your application is slow, you're experiencing downtime,
or just other odd behavior, you might be under a DDoS.
Check below for more information.
Leave us some comments, ask some questions, and if you like this content
please subscribe and "like".