DDoS & Network Attacks
Understand distributed denial of service attacks and defense strategies
What is a DoS Attack?
DoS (Denial of Service) is an attack that makes a website or service unavailable by sending it more traffic or requests than it can handle. Think of it like this:
- Normal: A store serves customers one at a time
- DoS Attack: One person floods the store with fake orders, blocking real customers
How it works:
- Attacker sends a massive number of packets or requests to a server
- Server tries to process all of them
- Server exhausts a resource (bandwidth, connection state, CPU or memory) and becomes slow or unresponsive
- Real users can't access the service
DoS vs DDoS: What's the Difference?
DDoS (Distributed Denial of Service) is a DoS attack launched from MANY sources at once, usually compromised machines under a single attacker's control.
- DoS: One source → a single IP address to block, and only one machine's bandwidth
- DDoS: Thousands of sources → no single address to block, and the combined bandwidth can exceed the target's (or its upstream network's) capacity
💥 Interactive DoS vs DDoS Comparison
Watch how a server handles normal traffic, a DoS attack, and a massive DDoS attack!
Normal traffic: 50 requests per second from legitimate users. Server handles this easily!
How Botnets Work
Most DDoS attacks use botnets - networks of infected devices controlled by an attacker (the "bot herder").
Botnet Creation Process:
- Infection: Malware spreads to computers, phones, routers and other IoT devices, often via default passwords or unpatched vulnerabilities
- Control: All infected devices connect to a Command & Control (C&C) server and wait for instructions
- Activation: The attacker sends one command to all bots simultaneously
- Attack: Thousands or millions of devices send traffic to the target at once
Famous Botnet Attacks:
- Mirai (2016): The Mirai IoT botnet, which infected roughly 600,000 devices at its peak, was used against the DNS provider Dyn in October 2016; with Dyn's name resolution down, Twitter, Netflix, Reddit and other sites were unreachable for many users
- GitHub (2018): 1.35 Tbps memcached amplification attack, the largest publicly reported at the time; mitigated within minutes by routing traffic through a scrubbing provider
- AWS (2020): 2.3 Tbps CLDAP reflection attack, the largest AWS had reported at that time; larger attacks have been reported since, so any "record" is a moving target
🤖 Interactive Botnet Visualization
Watch how a botnet grows and launches a coordinated attack!
Types of DDoS Attacks
- Volume-Based: Saturate the target's bandwidth with raw traffic, measured in bits per second (UDP flood, ICMP flood)
- Protocol-Based: Exhaust connection state in servers, firewalls or load balancers, measured in packets per second (SYN flood fills the half-open connection backlog; Ping of Death is a legacy malformed-packet crash)
- Application-Layer: Send requests that look legitimate but are expensive to serve, measured in requests per second (HTTP flood hitting costly endpoints; Slowloris holds many connections open by sending partial headers very slowly)
- Amplification: Send small requests with the victim's spoofed source address to open third-party servers (DNS, NTP, memcached) that reply with much larger responses to the victim; this depends on source-address spoofing, which BCP 38 ingress filtering at ISPs prevents
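The difference between a protocol attack and ordinary traffic is visible in the server's connection state. The following is an added example, not code from the original page: a half-open TCP handshake tracker run over a constructed packet trace (the IP addresses, ports and trace lines are made up for illustration). It shows a legitimate client completing its handshakes, one source that sends SYNs and never replies, and a flood whose source addresses are spoofed so that per-source counting alone misses it, which is why an aggregate backlog-pressure check is computed as well.

```python
"""Half-open TCP connection tracker for SYN-flood detection.

A legitimate client sends SYN, receives SYN-ACK, then sends ACK: the
handshake completes and the server's backlog entry is released. A
SYN flooder sends SYNs and never ACKs, so entries pile up half-open.
The trace below is constructed for this example (addresses from the
RFC 5737 documentation ranges), not captured from a real system.
"""
from collections import defaultdict

# Constructed packet trace as seen by the server: "src_ip:src_port flags".
# Only the client's packets are listed; flags are S (SYN), A (ACK),
# R (RST), F (FIN).
TRACE = (
    # legitimate client: five handshakes, each completed with an ACK
    [f"192.0.2.10:{40000 + i} S" for i in range(5)]
    + [f"192.0.2.10:{40000 + i} A" for i in range(5)]
    # slow but honest client: one handshake still in progress
    + ["192.0.2.11:51000 S", "192.0.2.11:51001 S", "192.0.2.11:51000 A"]
    # single-source SYN flood: fifty SYNs, no ACK ever arrives
    + [f"203.0.113.5:{1000 + i} S" for i in range(50)]
    # spoofed flood: every SYN carries a different forged source address
    + [f"198.51.100.{i}:{20000 + i} S" for i in range(1, 41)]
)


def parse_trace(lines):
    """Turn constructed 'ip:port flags' lines into (ip, port, flags) tuples."""
    packets = []
    for line in lines:
        endpoint, flags = line.split()
        ip, port = endpoint.rsplit(":", 1)
        packets.append((ip, int(port), flags))
    return packets


def track_handshakes(packets):
    """Return {src_ip: (half_open, established)} from the server's view."""
    pending = set()                          # (ip, port) awaiting the final ACK
    stats = defaultdict(lambda: [0, 0])      # ip -> [half_open, established]
    for ip, port, flags in packets:
        key = (ip, port)
        if flags == "S":
            pending.add(key)
            stats[ip][0] += 1
        elif flags == "A" and key in pending:
            pending.discard(key)             # handshake completed
            stats[ip][0] -= 1
            stats[ip][1] += 1
        elif flags in ("R", "F") and key in pending:
            pending.discard(key)             # client gave up; backlog slot freed
            stats[ip][0] -= 1
    return {ip: tuple(v) for ip, v in stats.items()}


def flag_syn_flooders(stats, min_half_open=10, min_ratio=0.9):
    """Sources with many half-open connections and almost no completed ones.

    Thresholds are assumptions for the example; tune them per service."""
    flagged = []
    for ip, (half_open, established) in stats.items():
        total = half_open + established
        if half_open >= min_half_open and half_open / total >= min_ratio:
            flagged.append(ip)
    return sorted(flagged)


def backlog_pressure(stats):
    """(total half-open, total SYNs) across all sources.

    A spoofed flood keeps every per-source count low, so per-source rules
    never fire; the aggregate ratio still exposes it."""
    half_open = sum(h for h, _ in stats.values())
    syns = sum(h + e for h, e in stats.values())
    return half_open, syns


if __name__ == "__main__":
    stats = track_handshakes(parse_trace(TRACE))
    print("flagged by per-source rule:", flag_syn_flooders(stats))
    half_open, syns = backlog_pressure(stats)
    print(f"backlog pressure: {half_open}/{syns} SYNs still half-open "
          f"({half_open / syns:.0%})")
```

The per-source rule catches the single unspoofed flooder only; the forty spoofed SYNs each look like a distinct, harmless client, yet together they account for most of the half-open backlog. That is why real defenses against SYN floods rely on aggregate signals and on stateless techniques such as SYN cookies rather than on per-IP rules alone.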
Defense Strategies
Organizations use multiple layers of defense to stop DDoS attacks:
- Rate Limiting: Limit requests per IP address (e.g., max 100/second); effective against single-source and application-layer floods, but a botnet whose bots each stay under the limit passes through, and strict per-IP limits can block legitimate users sharing one NAT address
- IP Blacklisting: Block known malicious IP addresses; of little use against spoofed or constantly rotating sources
- Traffic Analysis: Baseline normal traffic and alert on anomalies (SYN-to-completed-handshake ratio, request rates per endpoint, unusual geographic mix), then block or challenge suspicious sources
- CDN/Cloud Protection: Anycast networks and scrubbing centers (Cloudflare, Akamai, AWS Shield) absorb volumetric attacks upstream, before the traffic reaches your own bandwidth
- Firewall Rules: Filter traffic based on rules and patterns; SYN cookies (net.ipv4.tcp_syncookies on Linux) let a server survive a SYN flood without allocating backlog state per half-open connection
- Redundancy and Capacity: Multiple servers and headroom so if one goes down or is saturated, others keep running
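To see why per-IP rate limiting stops a single-source DoS but not a DDoS, here is an added example (not code from the page or from any named product): a per-IP token-bucket limiter run against three constructed traffic scenarios, normal, DoS and DDoS. The limits (10 requests/s with a burst of 20 per IP) and the 1,000 requests/s server capacity are assumptions chosen for illustration, as are the traffic shapes.

```python
"""Per-IP token-bucket rate limiting against constructed traffic scenarios.

Scenario parameters and limiter settings are assumptions for this example:
  normal: 50 users at 1 request/s each
  dos:    one source at 5,000 requests/s
  ddos:   5,000 sources (a botnet) at 1 request/s each
The per-IP limit (10/s, burst 20) and server capacity (1,000/s) are made up.
"""
from collections import defaultdict

SCENARIOS = {             # name -> (sources, requests per second per source, seconds)
    "normal": (50, 1, 10),
    "dos": (1, 5000, 10),
    "ddos": (5000, 1, 10),
}


class TokenBucket:
    """Classic token bucket: `rate` tokens/s refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerIpLimiter:
    """One bucket per source IP, created on first sight."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, ip, now):
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = TokenBucket(self.rate, self.burst)
        return bucket.allow(now)


def traffic(sources, rps, seconds):
    """Constructed request stream: (timestamp, src_ip) sorted by time.

    Each source sends `rps` evenly spaced requests per second; sources are
    staggered so their requests do not all land on the same instant."""
    events = []
    for i in range(sources):
        ip = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        for n in range(rps * seconds):
            events.append((n / rps + i / (sources * rps), ip))
    events.sort()
    return events


def simulate(name, per_ip_rate=10, per_ip_burst=20, server_capacity=1000):
    """Run one scenario through the limiter; report what reaches the server."""
    sources, rps, seconds = SCENARIOS[name]
    limiter = PerIpLimiter(per_ip_rate, per_ip_burst)
    events = traffic(sources, rps, seconds)
    allowed = 0
    per_second = defaultdict(int)           # requests reaching the server per 1 s window
    for t, ip in events:
        if limiter.allow(ip, t):
            allowed += 1
            per_second[int(t)] += 1
    peak = max(per_second.values(), default=0)
    return {
        "sent": len(events),
        "allowed": allowed,
        "dropped_by_limiter": len(events) - allowed,
        "peak_rps_reaching_server": peak,
        "overloaded": peak > server_capacity,
    }


if __name__ == "__main__":
    for name in SCENARIOS:
        print(f"{name:7s}", simulate(name))
```

The DoS scenario is cut from 50,000 requests to roughly 120 (the burst plus ten seconds of refill), because a single bucket absorbs it. The DDoS scenario passes untouched: every bot sends one request per second, well under the per-IP limit, yet 5,000 requests per second still reach a server that can handle 1,000. The per-IP limiter is the right tool against the first case and the wrong tool against the second, which has to be handled by aggregate controls or absorbed upstream.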
🛡️ Interactive Defense Simulator
Implement defenses to protect your server from attack!
Legal & Ethical Considerations
Launching DDoS attacks is ILLEGAL and can result in:
- Prison time (in the US, up to 10 years for a first offense under the Computer Fraud and Abuse Act, more for repeat offenses; the UK Computer Misuse Act and similar laws elsewhere carry comparable penalties)
- Massive fines and restitution (hundreds of thousands of dollars)
- Criminal record that affects future career
- Civil lawsuits from affected companies
Even "testing" on services you don't own is a crime, and so is paying a "booter" or "stresser" service to attack a target for you. Load-test only systems you own or have written authorization to test.
Real-World Impact
DDoS attacks have serious consequences:
- Financial: Companies lose millions in revenue during downtime
- Healthcare: Hospitals can't access patient records during attacks
- Education: Schools can't conduct online classes
- Gaming: Players can't access games they paid for
- Banking: Customers can't access their money online
Key Takeaways
- ✅ DoS = one source; DDoS = many sources, usually a botnet under one attacker's control
- ✅ Botnets are networks of infected devices controlled by an attacker through a C&C server
- ✅ DDoS attacks overwhelm servers with traffic, making them unavailable
- ✅ Defenses include rate limiting, CDNs, firewalls, and traffic analysis
- ✅ Launching DDoS attacks is illegal and has serious consequences
- ✅ Understanding attacks helps you defend against them professionally