What Is a DDoS Attack? Types, Symptoms and Enterprise Defenses (In Depth)
How does a DDoS attack take down your systems? Volumetric, protocol and application layer (L7) attacks, botnet logic, symptoms and layered defenses like CDN, scrubbing, rate limiting and WAF, with CISA and ENISA sources.
What Is a DDoS Attack? Types, Symptoms and Enterprise Defenses (In Depth)
Quick answer: A DDoS (Distributed Denial of Service) attack floods a website or service with fake traffic from thousands of hijacked devices so real users cannot be served. The goal is not to steal data but to destroy availability: the site slows, then falls, and every minute means lost revenue and reputation. A single server or basic firewall cannot stop it, because the problem is the volume and distribution of traffic. Defense is layered: CDN/scrubbing, rate limiting, WAF and upstream provider filtering. DSET assesses your resilience and implements protection: +90 536 662 38 09.
DoS vs DDoS and botnet logic
DoS comes from one source and is easy to block. DDoS comes from thousands, often a botnet of malware infected PCs, servers and especially unprotected IoT devices. Distribution makes "block the bad IP" useless. CISA and ENISA list DDoS among the most common, cheaply rentable ("booter" services) and damaging attacks.
Three main types
| Type | How it works | Target | Example |
|---|---|---|---|
| Volumetric | Fills the link with fake traffic | Your bandwidth | UDP flood, DNS/NTP amplification |
| Protocol | Exhausts resources via protocol weakness | Firewall, LB, server | SYN flood |
| Application (L7) | Triggers expensive operations with little traffic | The web app | HTTP flood |
L7 is sneakiest: low traffic looks legitimate but each request triggers an expensive server operation.
Symptoms (diagnose without panic)
- Sudden, unexplained extreme slowdown.
- Unusual request volume from a specific IP range/geography.
- Server resources spiking instantly.
- Rising timeouts and 503 errors.
Not every slowdown is DDoS; a viral post or misconfiguration can also cause spikes. Analyze the traffic pattern so you do not block real customers.
Layered defenses
- CDN and scrubbing absorb and clean volumetric attacks upstream.
- Rate limiting slows L7 and brute force.
- WAF filters app layer attacks and bad bots.
- Anycast network spreads load across data centers.
- Incident response plan defined and drilled in advance.
DDoS can be a smokescreen
Attackers use DDoS as noise while the real intrusion happens elsewhere, so monitoring and SOC should increase during an attack.
FAQ
Can a small company be a target?
Yes; DDoS is rented cheaply by the hour. Competitors, extortion or random attacks hit small businesses.
Does a firewall stop DDoS?
Traditional firewalls often fail against volumetric DDoS and may be the first to fall; you need upstream protection.
What to do during an attack?
With a plan, steps take minutes: contact your CDN/host, enable "under attack" mode, tighten rate limiting and WAF, preserve logs.
Does protection slow the site?
A good CDN usually speeds the site by serving content closer to users.
Reach us for a resilience assessment: our DDoS protection or +90 536 662 38 09.
Sources
Kimliğinizi doğrulayın
Yetkilendirilmiş erişim alanı. Tüm giriş denemeleri kayıt altına alınır.