DDoS attacks: What are they and how can you prevent them?

man glasses jacket

DDoS attacks are on the rise, but following smart online safety guidelines can greatly reduce your risk.


More than 50 million customers trust Norton with their personal information.

Your partner against cyber threats. Norton 360™ with LifeLock™, all-in-one protection against evolving threats to your connected devices, online privacy and identity.

Try Norton 360 with LifeLock. Post, bank and shop from your device. We’ll keep it secure.

A Distributed Denial-of-Service (DDoS) attack is what happens when a hacker uses an army of malware-infected devices to launch a co-ordinated attack on a website, server, or network. When you hear that a website has been taken down by hackers, the chances are that a DDoS attack has been used to do it.

The aim of a DDoS attack is to overwhelm a site with too much traffic or to overload your system with too many requests until something eventually crashes. The hacker does this with a botnet, which is a network of devices or ‘zombie computers’ that the hacker has infected with malicious software that allows them to be remotely controlled.

So a single hacker can then turn this army of devices on a chosen target and use them to overwhelm it, often without the knowledge of the people who actually own those devices. Your phone, computer or smart TV could be part of an attack and you’d be none the wiser.

When messaging app Telegram was DDoSed, it tweeted a fitting analogy for a DDoS attack.

“Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper," Telegram tweeted. "The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can't even see you to try and take your order.”

So even if it doesn’t cause your site to crash, a DDoS attack can prevent your site or network from being able to handle requests from legitimate sources.

How does a DDoS attack work? 

DDoS attacks have been around since the mid-nineties and they’re now more common and more powerful than they’ve ever been. The Digital Attack Map gives you a chance to see how many DDoS attacks are taking place in real time all across the globe. It is updated hourly and demonstrates just how common this cybercrime has become.

A basic Denial-of-Service (DoS) attack simply sends a request to a site from a single source, which can consume the resources of the targeted site. However, it can be relatively easy to defend against. Once a hacker has created a botnet by infecting hundreds or thousands of devices with malware, the odds are dramatically changed in their

A DDoS attack can see thousands of devices submitting incoming messages, requests for connections or fake packages to a target. This amplification effect is what makes these cyberattacks so scary. You can’t defend it by simply blocking traffic from a single machine. If a DDoS attack is successful, the targeted server, service, website or
network will crash.

Different types of DDoS attacks

Hackers use different types of DDoS attacks but they can also use a combination of cyberattacks in a single campaign to cause maximum disruption. Here are some of the most common types.

Volume-Based Attacks:

These common attacks flood a site with a high volume of packets or connections, overwhelming its bandwidth, network equipment or servers until it is unable to process the traffic and it collapses. Examples include UDP (User Datagram Protocol) Floods, ICMP (Internet Control Message Protocol) Floods, and other Spoofed-Packet

One common example is a Fragmentation Attack, which exploits vulnerabilities in the datagram fragmentation process. This process sees IP datagrams be divided into smaller packets, transferred to a network, and then reassembled. These cyberattacks overwhelm the server with fake data packets that can’t be reassembled.

Protocol Attacks:

These attacks target network resources and overwhelm servers, firewalls or load balancers. Examples include SYN (short for “synchronise”) Floods, UDP Floods, and TCP (Transmission Control Protocol) Connection Exhaustion.

For example, SYN Floods exploit a vulnerability in the TCP connection sequence commonly referred to as the three-way handshake connection with the host and the server. The targeted server receives a request to begin the handshake but this handshake is never completed, leaving the port unable to process further requests. The hacker then sends more requests to overwhelm all open ports.

Application Attacks:

These more sophisticated attacks exploit vulnerabilities in the application or server software and can be more difficult to detect than attacks that focus on your network. Examples include HTTP Floods and HTTPS Floods.

The victim’s applications are targeted with slower attacks that can seem like legitimate requests until it is too late, by which time the application is overloaded and unable to respond. Skilled attackers will often use other types of cyberattacks as a decoy for these powerful application attacks.

What is an example of a DDoS attack?

DDoS attacks can be carried out by a script kiddie who simply wants to test their hacking skills, as part of an anti-competition attack on behalf of a competitor, or as part of an extortion scheme – an increasingly popular option with cybercriminals. DDoS attacks have also been used to launch politically-motivated attacks.

The first-recorded DDoS attack took place in 1996 but it was a DDoS attack that was carried out by a 15-year-old in 2000 that caused everyone to sit up and pay attention. Michael Calce, AKA Mafiaboy, hacked into the networks of various universities before using their servers to crash a series of major websites that included Amazon, CNN, Yahoo and eBay. The cybercrime led the sitting President Bill Clinton to establish a cybersecurity group to deal with these types of cyberthreat.

More recently, cybercriminals have started using DDoS attacks as an extortion tactic, with some hackers sending a ransom demand before launching a small attack to demonstrate their capabilities. Other hackers demand a ransom to stop an attack on a target.

ProtonMail, a Swiss encrypted email provider, paid over $6000 in Bitcoin to hackers in 2015 after its site was taken down by hackers using a combination of different DDoS attacks. The cyberattack continued even after the ransom was paid, proving why it is not recommended to pay these ransoms.

Hackers are constantly looking for new vulnerabilities and some have exploited the rise of the Internet of Things (IoT) to create powerful botnets. The fearsome 2016 Dyn attack used Mirai malware to create a botnet from smart TVs, printers, baby monitors, cameras and other IoT devices, which aren’t as well-secured as home computers.

The cyberattack was able to take out the sites of online giants like Twitter, Amazon, Netfllix and Paypal. After the author of the software published the source code for Mirai on different hacking forums, allowing other hackers to use it to create their own versions of the malware.

DDoS attacks are also becoming more powerful, with the largest DDoS attack of all time directed at Amazon Web Services in February 2020. It lasted three days and had a volume of 2.3Tbps at its peak. Prior to that, the largest recorded attack peaked at 1.7Tbps.

Hacktivists have even used DDoS attacks as a way of cyber-protesting and this development ushered in the concept of the opt-in botnet. Anonymous crowdsourced a botnet to take down sites belonging to MasterCard and others in 2010, with individuals willingly allowing their devices to be used in the cyberattack.

It’s not just websites that can be disrupted by this type of cyberattack, with DDoS attacks also being used against online gaming service providers.

You don’t even need to be a hacker to carry out a DDoS attack anymore, with botnets now being created by cybercriminals and sold or leased on the dark web. With ready-to-go DDoS kits reportedly available for as little as $10 an hour, it’s no surprise that this type of cyberattack is becoming more common.

How can I tell if I am being DDoSed?

It can sometimes be difficult to tell if you are being targeted by this type of cybercrime but what are the common symptoms of DDoS attacks? It’s important to know the early warning signs that your device is under attack.

Some of the common symptoms of a DDoS attack include:

  • Slow access to files, either locally or remotely
  • Internet disconnection
  • A long-term inability to access a website or a problem accessing all websites
  • Excessive amounts of spam emails

Can you stop a DDoS attack?

Protecting your device against a DDoS attack is difficult but there are some steps you can take to reduce the risk and to mitigate an attack should you become a victim. Prevention is better than cure so it pays to take pre-emptive steps to defend your device against this type of cybercrime.

How can I avoid a DDoS attack?

Having the right security infrastructure and defences in place is the best way to avoid a DDoS attack.

If you are using a Virtual Private Network (VPN), it can mask your IP address, which could help protect your device from becoming a target. Some VPNs also allow you to switch to a remote server at any time, which can be useful if your device is attacked.

Modern DDoS attacks have become increasingly sophisticated and can involve a combination of application attacks, volumetric attacks and authentication-based attacks. We should all secure our IoT devices to take the pawns that could potentially be used in a DDoS attack off the board.

Protecting your devices is an essential part of cybersecurity and can help prevent them from being utilised in these malicious attacks.

What should I do if my device comes under DDoS attack?

If you experience any of the common symptoms listed above, you will want to rule out any issue with your network.

Turn your computer off and unplug your network cable and your modem or router. Plug everything back in ten minutes later and if it is still not working contact your ISP for support. You may need to reset your IP or get a new IP address but your provider can help with that.

The good news is that DDoS attacks don’t last forever and many of them will end after a couple of days. If you have been the victim of an attack, upgrade your security protection as soon as you can. There’s nothing to stop you from being attacked again so it’s vital that you address these issues.

Pay attention to details and stay safe from DDOS attacks

The recent increase in DDoS attacks is obviously a concern but there are things you can do to reduce the risk or exposure.

Review your devices and setup to identify any issues that could leave you exposed, and bookmark this article so you know what to do if you are under attack. Hopefully, it will never be needed but it pays to be prepared.

As with any cybersecurity threat, it’s not enough to just hope that it doesn’t happen to you. It’s easier to prevent a DDoS attack than it is to defend against one once it starts.

New technology is emerging all the time to deal with this cyberthreat, However, no amount of technology can help if you don’t make the effort to stay informed about the cyberthreats that are out there.

The rise of this type of cyberthreats has led to the development of hardware and software options that can offer protection against most DDoS attacks. The key is to identify potential cybersecurity weaknesses that need to be addressed in your system, find the best solutions for you, and ensure that your device has the protection it needs.

There are solutions available that can help protect your device against DDoS attacks and give you peace of mind but the first step to preventing an attack is knowing what you need.

Some of the biggest online threats can hit you when you least expect them so it pays to bulk up your security with a well-rounded solution like Norton 360. It lets you mask your IP address with a VPN, provides protection for your devices with antivirus and helps secure your accounts with a password manager. It takes care of the little things so you can focus on the important things.

More than 50 million customers trust Norton with their personal information.

Your partner against cyber threats. Norton 360™ with LifeLock™, all-in-one protection against evolving threats to your connected devices, online privacy and identity.

Try Norton 360 with LifeLock. Post, bank and shop from your device. We’ll keep it secure.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.