What Is a DDoS Attack?

· cybersecurity

A DDoS (Distributed Denial-of-Service) attack floods a website, server, or network with a huge volume of fake traffic from many sources at once, overwhelming it so legitimate users can’t get through. The goal isn’t to steal data — it’s to knock a service offline. Here’s how DDoS attacks work, the main types, and how organisations defend against them.

Reviewed and kept current by the Coppers.io editorial team — see how we research .

What a DDoS attack is

Every server can handle only so many requests at once. A denial-of-service attack deliberately exhausts that capacity so real visitors are turned away. A distributed denial-of-service does it from many machines simultaneously — often thousands — making it far harder to block and far more powerful. The result is a slow or completely unavailable website, app, or network.

DoS vs DDoS

  • DoS — comes from a single source; easier to block by filtering that one origin.
  • DDoS — comes from many sources at once, so there’s no single address to block. This distribution is what makes modern attacks so effective.

How DDoS attacks work: botnets

Attackers rarely own thousands of machines — they hijack them. Malware infects computers and IoT devices (cameras, routers) to form a botnet: a network of compromised devices the attacker controls remotely. On command, every device floods the target at once. The owners of those devices usually have no idea they’re taking part, which ties DDoS to the wider problem of malware .

Types of DDoS attacks

  • Volumetric attacks — sheer flood of traffic to saturate bandwidth (the most common).
  • Protocol attacks — exhaust server or firewall resources by abusing network protocols.
  • Application-layer attacks — target a specific app or page with seemingly legitimate requests, harder to detect and often aimed at the layer a WAF protects.

Signs you’re under attack

  • A site or service suddenly becomes slow or unreachable for everyone.
  • A flood of traffic from unusual locations or patterns.
  • Spikes in requests to a single page or endpoint.

These can resemble a legitimate traffic surge, so monitoring helps tell them apart.

How to defend against DDoS

DDoS defence is mostly about absorbing and filtering traffic:

  • Use a CDN / DDoS-protection service (e.g. Cloudflare) to absorb and scrub traffic across a huge network.
  • Rate limiting to cap requests from any single source.
  • A web application firewall for application-layer attacks.
  • Over-provision capacity so spikes don’t immediately overwhelm you.
  • Have a response plan with your hosting/ISP for large attacks.

Resources like Cloudflare’s DDoS guidance and the US CISA cover this in depth.

What it means for everyday users

You won’t be the target of a DDoS, but your devices could be conscripted into a botnet. Protect them the usual way: keep software updated, change default passwords on routers and smart devices, and run anti-malware — basic cybersecurity hygiene that also keeps you from becoming part of the problem.

The bottom line

A DDoS attack overwhelms a service with floods of traffic from many compromised devices at once, taking it offline rather than stealing data. Defences centre on absorbing and filtering that traffic — CDNs and DDoS-protection services, rate limiting, and a WAF for application-layer attacks. Everyday users mainly help by securing their devices so they can’t be drafted into the botnets that power these attacks.

FAQs

  • A DDoS attack floods a website or server with huge amounts of fake traffic from many devices at once, so it can't serve real users. The aim is to knock the service offline rather than to steal data.
  • A DoS attack comes from a single source, which is relatively easy to block. A DDoS attack comes from many sources at once — usually a botnet of compromised devices — so there's no single origin to filter, making it much harder to stop.
  • Attackers infect many computers and IoT devices with malware to form a botnet they control. On command, all those devices send traffic to the target simultaneously, overwhelming its capacity so legitimate requests can't get through.
  • Organisations use CDN and DDoS-protection services to absorb and filter traffic, apply rate limiting, deploy a web application firewall for application-layer attacks, and over-provision capacity. Having a response plan with your host or ISP is important for large attacks.
  • No — a DDoS attack aims to make a service unavailable, not to steal data. However, it's sometimes used as a distraction for other attacks, and your own devices can be hijacked into the botnet, so keeping them secure still matters.