A Distributed Denial of Service (DDoS) attack is a type of cyber-attack in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites. In a DDoS attack, the incoming traffic flooding the victim originates from many different sources, often from thousands of hosts infected with malware. The malicious traffic comes from a variety of different IP addresses, often the members of a botnet, which makes the attack more difficult to defend against and enables the attackers to generate a larger volume of malicious traffic than a single system can generate on its own.
DDoS attacks are designed to force a website, computer, or online service offline by consuming its capacity and rendering it unable to respond to legitimate requests. The targeted organization experiences a crippling interruption in one or more of its services because the attack has flooded its resources with HTTP requests and traffic, denying access to legitimate users. DDoS attacks are ranked as one of the top four cybersecurity threats of our time, alongside social engineering, ransomware, and supply chain attacks.
DDoS attacks fall under three primary categories: volumetric attack, protocol attack, and resource layer attack. A volumetric attack overwhelms the network layer with what, initially, appears to be legitimate traffic. This type of attack is the most common form of DDoS attack. An example of a volumetric attack is DNS (Domain Name Server) amplification, which uses open DNS servers to flood a target with DNS response traffic.
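A defender can recognize the DNS amplification pattern described above in flow records by looking for DNS responses that the receiving host never requested, arriving from several servers at once. The sketch below is an added example, not part of the original article; the record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

DNS_PORT = 53

# Constructed flow records (documentation address ranges, not real traffic):
# (time_s, proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # A normal lookup: the client asks, the resolver answers.
    (0.0, "udp", "198.51.100.10", 40000, "203.0.113.53", 53, 70),
    (0.1, "udp", "203.0.113.53", 53, "198.51.100.10", 40000, 180),
] + [
    # Large responses from four resolvers to a host that sent no queries.
    (1.0 + 0.01 * n, "udp", f"192.0.2.{1 + n % 4}", 53, "198.51.100.20", 33333, 3000)
    for n in range(12)
]


def find_reflection_targets(flows, window=5.0, min_bytes=10_000, min_sources=3):
    """Return {dst_ip: (unsolicited_bytes, distinct_sources)} for hosts that
    receive DNS responses they did not ask for, from many servers."""
    queries = {}  # (client_ip, client_port, server_ip) -> time of last query
    unsolicited = defaultdict(lambda: [0, set()])
    for ts, proto, src, sport, dst, dport, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == DNS_PORT:
            # Query leaving a client: remember it so the answer can be matched.
            queries[(src, sport, dst)] = ts
        elif sport == DNS_PORT:
            # Response: solicited only if a matching query was seen recently.
            asked = queries.get((dst, dport, src))
            if asked is None or ts - asked > window:
                entry = unsolicited[dst]
                entry[0] += size
                entry[1].add(src)
    return {
        dst: (total, len(srcs))
        for dst, (total, srcs) in unsolicited.items()
        if total >= min_bytes and len(srcs) >= min_sources
    }


if __name__ == "__main__":
    for host, (nbytes, nsrc) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{host}: {nbytes} unsolicited DNS bytes from {nsrc} servers")
```

The thresholds are placeholders; in practice they would be tuned against the normal DNS response volume of the monitored network.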
In summary, a DDoS attack is a malicious attempt to disrupt normal traffic to a web property by flooding it with traffic from multiple sources, making it difficult for legitimate users to access the service.