DDoS attacks explained
I’m excited to be bringing you guys a new lightboarding video that focuses on DDoS (distributed denial of service) attacks. In the video, I’m going to define the term, explain how a DDoS attack affects your application or user experience, and demonstrate how an attacker uses a botnet to create so much traffic that normal users are unable to get through the congestion.
I hope you enjoy the video, and stay tuned for more! If you have any questions or comments, drop a note in the comments on YouTube and we’ll make sure to answer.
What is a DDoS attack?
Hi, I’m Ryan Sumner, Chief Network Architect with IBM Cloud. Today, I’m gonna give you the basics of a DDoS attack.
Definition of a DDoS attack
A DDoS attack is an attempt by an attacker to create so much traffic or congestion to a target application or an internet application that it impedes the traffic flow for normal visitors.
Effects of a DDoS attack
So, what the normal visitors might see, or the owner of the application might see as a result of a DDoS attack being impeded upon them—they might see a drastic reduction in speed, they might see a complete outage, or they’ll see some unexplained consequences that they don’t normally see within their day-to-day operations.
How normal traffic flows
So, to demonstrate this a bit more, I’ll show you how normal traffic flows from users on the internet to the target server using its internet connection here.
So, we’ll have normal Internet users here.
We’ll have the clean traffic that comes through the internet and traverses through the connection from the internet to the target server. So, this traffic flows just perfectly fine, with no slowdown or there’s no constriction on that traffic flow.
How does an attacker create the attack?
So, how does an attacker create so much traffic that it causes an inability for this clean traffic to flow from the internet to the target server through its connection?
So does the attacker just have that many friends? Usually not. And he’s not gonna pick up the phone and say, “Jump on your computer, and now let’s all attack this target server.”
He’s done his homework, and he has access to a collection, or a network, of attacked or hacked or compromised computers across the internet. Sometimes these might be IoT devices, they might be people’s computers, they might be other servers on the internet. But, all of these attacked or compromised computers are at the control of the attacker and we call that network a “botnet.”
The reason it’s called a botnet is because now the attacker can remotely control this network of hacked computers almost like they’re robots. And the attacker can tell that botnet what to do, and exactly for how long, and exactly where he wants to do it.
So, the attacker, when they’re ready to start the attack, will call on all of these hacked computers—or robots—within the botnet and start to generate traffic from all of these systems over the internet.
Botnet creates congestion and impedes normal users
Now, what ends up happening is we create congestion through this pipe that’s coming from the internet to the target server. So, as this congestion is occurring—and this never stops, right?—they’ve created so much congestion across it.
And the amount of time that the botnet that is being executed continues to exceed and these internet users are continuing to attempt to come in. However, the pipe is so congested that they can no longer enter the roadway.
So, this is the basics of a DDoS attack.
So, if your application is slow, you’re experiencing downtime, or just other odd behavior, you might be under a DDoS.