Secure to the Core
The Protection of Your Data is Our Primary Commitment
Contact us via the links below or call 0161 883 1685 to speak to a member of our team
DDoS Attack Prevention
What is a DDoS attack and how do we protect against DDoS attacks?
DDoS attacks were historically targeted at large corporates, governments, educational bodies and other big institutions. In 2025 DDoS attacks have become much more common at SME level and more aggressive, using AI tools to automate and target the attacks.
It's time for the SME community to take notice and put preventions in place where they can.
What is a DDoS attack?
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, firewall or network by overwhelming it with a flood of internet traffic from multiple compromised computer systems, often referred to as a botnet. The primary goal is to make the online service unavailable to legitimate users.
How DDoS Works:
- Botnet Creation: Attackers typically build a network of infected computers or devices (bots) by spreading malware. These compromised devices can be controlled remotely without their owners’ knowledge. Computers running unsupported operating systems, e.g. Windows 7 or Windows 8, are easy targets.
- Implementation: The attacker, or “botmaster,” commands the botnet to send a massive volume of traffic or requests to the target’s IP address simultaneously.
- Overwhelming the Target: This flood of traffic overwhelms the target’s resources, such as bandwidth, processing power, or the connection capacity of firewalls and routers. As a result, legitimate users experience extremely slow service or are unable to access their servers or resources at all.
In effect, a DDoS attack is like a blocked plughole in a sink: nothing can get through because all the capacity is being used.
Some of the more Common Types of DDoS Attack include:
These examples are quite technical in nature so please contact your IT team if you would like a simple summary.
- Volume overload attacks – targeting bandwidth:
These are the most common type and aim to consume all available bandwidth between the target and the internet, flooding the system. They are measured in bits per second (bps) or gigabits per second (Gbps). Examples include UDP floods, ICMP (Ping) floods and DNS floods.
DNS flooding is often used to target SMEs. The attacker sends small queries to open Domain Name System (DNS) servers with the target’s IP address spoofed as the source, so the servers send their responses to the target. This rapidly exhausts computing resources, and diagnosing it quickly requires good technical skills and experience.
- Protocol attacks – targeting servers and firewalls:
These attacks focus on consuming the server resources or the resources of network equipment like firewalls and load balancers by exploiting vulnerabilities in network protocols (Layer 3 and Layer 4 of the OSI model). They are measured in packets per second (PPS). Examples include Ping of Death, IP/ICMP attacks and SYN (synchronise) flooding.
SYN flooding involves sending a large number of TCP SYN (synchronise) requests with spoofed IP addresses. The server keeps these half-open connections waiting for the final acknowledgement packets that never arrive, eventually exhausting its connection capacity.
- Application attacks – targeting web applications:
These attacks target web applications, APIs, and other application protocols. They aim to crash the web server by making what appear to be legitimate requests, but in overwhelming numbers. Examples include HTTP flooding and open connection attacks.
Open connection attacks keep as many connections to the target web server open for as long as possible by sending partial HTTP requests, eventually exhausting the server’s maximum concurrent connection limit.
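Each of the three attack classes above leaves a different trace on the victim's side: half-open TCP handshakes that never complete, connections held open for minutes while sending almost no request data, and DNS answers arriving for queries the victim never sent. The Python script below is an added example, not code from Greenlight Computers, showing how an IT team could triage those symptoms from a connection-table snapshot (shaped like `ss -tan` output) and a DNS packet summary. The `Conn` record, the sample snapshot, the DNS packet list and every threshold are constructed for illustration and would need tuning against a real environment's normal baseline.

```python
"""Defender-side triage of the three DDoS symptoms described above.

All input data below are constructed samples shaped like a `ss -tan`
connection-table snapshot and a DNS packet summary; they are not real captures.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    state: str       # TCP state as `ss` prints it: "SYN-RECV", "ESTAB", ...
    local_port: int
    peer_ip: str
    bytes_in: int    # request bytes received on this connection so far
    age_s: int       # seconds since the connection was first seen


# Constructed snapshot: one healthy TLS client, eight handshakes to :443 that
# never completed (spoofed sources, so the final ACK never arrives), and three
# connections to :80 from one peer that have sent almost nothing in five minutes.
SNAPSHOT = [
    Conn("ESTAB", 443, "203.0.113.5", 4_120, 12),
    *[Conn("SYN-RECV", 443, f"198.51.100.{i}", 0, 2) for i in range(1, 9)],
    *[Conn("ESTAB", 80, "192.0.2.77", 90, 310) for _ in range(3)],
]

# Constructed DNS packet summary: (direction, remote_ip, txid, is_response, size).
# The first pair is a normal query/answer; the rest are answers nobody here asked for.
DNS_PACKETS = [
    ("out", "192.0.2.53", 0x1A2B, False, 60),
    ("in", "192.0.2.53", 0x1A2B, True, 120),
    ("in", "203.0.113.11", 0x0001, True, 3_800),
    ("in", "203.0.113.12", 0x0001, True, 3_800),
    ("in", "203.0.113.13", 0x0002, True, 3_800),
]


def half_open_report(conns, port, min_count=5, min_ratio=0.5):
    """Protocol-attack symptom (SYN flood): handshakes to `port` that never complete.

    Returns (half_open_count, half_open_ratio, flagged). Both an absolute count
    and a ratio are required so that a single slow client never trips the alarm.
    """
    on_port = [c for c in conns if c.local_port == port]
    half_open = sum(1 for c in on_port if c.state == "SYN-RECV")
    ratio = half_open / len(on_port) if on_port else 0.0
    return half_open, round(ratio, 2), half_open >= min_count and ratio >= min_ratio


def slow_request_suspects(conns, min_age_s=120, max_bytes=256, min_conns=3):
    """Application-attack symptom: a peer holding several connections open for
    minutes while sending almost no request data (the partial-HTTP-request pattern).

    Returns {peer_ip: number_of_such_connections} for peers at or over `min_conns`.
    """
    per_peer = Counter(
        c.peer_ip
        for c in conns
        if c.state == "ESTAB" and c.age_s >= min_age_s and c.bytes_in <= max_bytes
    )
    return {ip: n for ip, n in per_peer.items() if n >= min_conns}


def unsolicited_dns_responses(packets):
    """Volume-attack symptom (reflected DNS flood): inbound DNS answers for which
    this host never sent the matching query (same server and transaction id).

    Returns (stray_response_count, stray_bytes).
    """
    asked = {(ip, txid) for d, ip, txid, resp, _ in packets if d == "out" and not resp}
    stray = [(ip, size) for d, ip, txid, resp, size in packets
             if d == "in" and resp and (ip, txid) not in asked]
    return len(stray), sum(size for _, size in stray)


def triage(conns=SNAPSHOT, packets=DNS_PACKETS):
    """Run all three checks and return a list of human-readable findings."""
    findings = []
    count, ratio, flagged = half_open_report(conns, 443)
    if flagged:
        findings.append(f"SYN flood symptom on :443 ({count} half-open, ratio {ratio})")
    for ip, n in slow_request_suspects(conns).items():
        findings.append(f"slow-request pattern from {ip} ({n} idle connections)")
    stray, stray_bytes = unsolicited_dns_responses(packets)
    if stray:
        findings.append(f"{stray} unsolicited DNS responses ({stray_bytes} bytes)")
    return findings


if __name__ == "__main__":
    for line in triage():
        print(line)
```

Note the asymmetry in the DNS check: it only says that the host is on the receiving end of reflected answers, which is exactly the case where the victim's own firewall can do little because the bandwidth is consumed upstream of it; that is the situation in which an upstream provider or scrubbing service, rather than local filtering, has to absorb the traffic.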
Why do criminals create DDoS attacks?
Criminals have many different motivations for launching DDoS attacks:
- Cyberwarfare: State-sponsored attacks targeting the infrastructure of other nations.
- Financial ransom: demanding payment to stop an ongoing attack, or threatening an attack if a ransom isn’t paid.
- Hacktivism: Individuals or groups launch attacks to promote a political or social agenda, protest, or raise awareness.
- Competitive sabotage, real or simulated: businesses might attack competitors to disrupt their services and gain a market advantage, and criminals may stage such attacks just to see what happens!
- Reputation damage: Attacks aimed at damaging the image and credibility of an individual, organization, or brand.
- Distraction attack: DDoS attacks can be used to divert the attention of security teams while other malicious activities, like data breaches or network intrusions, are carried out.
It could just be as simple as a disgruntled ex-employee!!
The business impact of DDoS attacks:
The consequences of a successful DDoS attack can be severe:
- Service unavailability: Legitimate users cannot access the targeted website or online service.
- Financial losses: Resulting from downtime, lost sales, recovery costs, and potential regulatory fines.
- Reputation damage: Loss of customer trust and credibility.
- Operational disruption: Affecting employee productivity if internal systems are impacted.
- Diversion of IT resources: IT teams must focus on mitigating the attack instead of other critical tasks, which could open the company to other risks.
DDoS Mitigation Techniques:
Defending against DDoS attacks requires a multi-layered approach. Here are some of the key steps to prevent or prepare for a DDoS attack:
- Incident response plan: having a well-defined plan to quickly detect, respond to, and recover from DDoS attacks.
- Web application firewalls (WAFs): filter, monitor, and block malicious HTTP/S traffic to and from a web application.
- IP source rate limiting: controlling the amount of traffic a server accepts from a particular source within a specific time period.
- Traffic filtering: where incoming traffic is analysed. Malicious traffic is identified and quarantined, while clean traffic is passed on to the target server.
- IP filtering/blocking: Blocking traffic from known malicious IP addresses or entire geographic regions.
- Content delivery networks (CDNs): distribute website content across multiple servers in different geographical locations. This helps absorb large volumes of traffic and makes it harder for attackers to overwhelm a single origin server.
- Network monitoring: continuously analysing traffic patterns to identify unusual activity that might indicate an attack. AI and machine learning are increasingly used for this.
- Resilient bandwidth: having more bandwidth than typically needed can help absorb smaller attacks.
- Cyber insurance: have in place a suitable cyber insurance policy to cover for the remediation and recovery from a DDoS attack or any other cyber security attack.
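Three of the steps above (IP source rate limiting, IP filtering/blocking and network monitoring) are easiest to understand when seen working together on one web server's access log. The Python script below is an added example and is not Greenlight Computers' code: it parses constructed combined-format log lines, drops requests from a constructed blocklist address, applies a sliding-window limit per source IP, and separately flags any second whose request count is far above a baseline. The log lines, the blocklist entry and the limits (5 requests per 10 seconds, a baseline of 1 request per second with a spike factor of 4) are assumptions chosen to make the behaviour visible, not recommended production values.

```python
"""Source rate limiting, blocklist filtering and a request-rate spike check run
over constructed web-server access-log lines (combined log format, not a real log).
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed access log: one ordinary visitor (203.0.113.5), one request from an
# address on the constructed blocklist (198.51.100.9), and eight requests in the
# same second from 192.0.2.77.
LOG_LINES = [
    '203.0.113.5 - - [10/Mar/2025:09:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Mar/2025:09:00:01 +0000] "GET / HTTP/1.1" 200 512',
    *['192.0.2.77 - - [10/Mar/2025:09:00:02 +0000] "GET /login HTTP/1.1" 200 640'] * 8,
    '203.0.113.5 - - [10/Mar/2025:09:00:03 +0000] "GET /about HTTP/1.1" 200 1024',
    '203.0.113.5 - - [10/Mar/2025:09:00:09 +0000] "GET /contact HTTP/1.1" 200 800',
]

BLOCKLIST = {"198.51.100.9"}   # constructed "known malicious" address

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Return (ip, unix_timestamp, request) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, m["req"]


class SlidingWindowLimiter:
    """Allow at most `limit` requests per source IP in any `window_s`-second window."""

    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.hits = defaultdict(deque)   # ip -> timestamps of recent allowed requests

    def allow(self, ip, now):
        q = self.hits[ip]
        while q and now - q[0] >= self.window_s:   # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def filter_log(lines, limiter, blocklist):
    """Apply the blocklist, then the rate limit, in log order.

    Returns a Counter of decisions: allowed / blocked_ip / rate_limited / unparsed.
    """
    decisions = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            decisions["unparsed"] += 1
            continue
        ip, ts, _ = parsed
        if ip in blocklist:
            decisions["blocked_ip"] += 1
        elif limiter.allow(ip, ts):
            decisions["allowed"] += 1
        else:
            decisions["rate_limited"] += 1
    return decisions


def spike_seconds(lines, baseline_rps, factor):
    """Monitoring check: seconds whose request count exceeds baseline_rps * factor.

    Returns {unix_second: request_count} for the seconds that exceed it.
    """
    per_second = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_second[int(parsed[1])] += 1
    return {s: n for s, n in per_second.items() if n > baseline_rps * factor}


if __name__ == "__main__":
    print(filter_log(LOG_LINES, SlidingWindowLimiter(limit=5, window_s=10), BLOCKLIST))
    print(spike_seconds(LOG_LINES, baseline_rps=1, factor=4))
```

In practice the limiter and blocklist would sit in the WAF, reverse proxy or CDN edge rather than in a script reading the log afterwards, and the spike check is the kind of rule a monitoring tool raises an alert from. The limiter keys on the source address, so it only helps against protocol and application attacks from a manageable number of sources; a volume attack that fills the internet link is stopped before it reaches the server only by upstream capacity, which is why the list above also includes CDNs and resilient bandwidth.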
Summary & Action
In summary, a DDoS attack is a serious cyber threat that leverages the power of distributed, compromised systems to deny access to online services, causing significant disruption and damage. Understanding how they work and implementing robust mitigation strategies are crucial for any organisation with an online presence (websites, email, cloud servers, cloud applications etc.).
Please contact us here or your Greenlight Computers relationship manager for further information or to set up a consultation with a cyber security specialist.