What is a DDoS attack?

Cyberthreats can harm your business—both online and offline—in a variety of ways. Learn more about DDoS attacks and how to prevent them.

DDoS attacks defined

A distributed denial-of-service (DDoS) attack targets websites and servers by disrupting network services. A DDoS attack attempts to exhaust an application’s resources. The perpetrators behind these attacks flood a site with errant traffic, resulting in poor website functionality or knocking it offline altogether.

These types of attacks are on the rise: In the first half of 2021, Azure Networking reported a 25 percent increase in DDoS attacks compared to Q4 in 2020. From there, Azure mitigated upwards of 359,713 unique attacks against its global infrastructure during the second half of 2021—a 43 percent increase from the first half of the year.

DDoS attacks are wide-reaching, targeting all sorts of industries and companies of all sizes worldwide. With that stated, certain industries, such as gaming, ecommerce, and telecommunications, are targeted more than others. DDoS attacks are some of the most common cyberthreats, and they can potentially compromise your business, online security, sales, and reputation.

How DDoS attacks work

During a DDoS attack, a series of bots, or botnet, floods a website or service with HTTP requests and traffic. Essentially, multiple computers storm one computer during an attack, pushing out legitimate users. As a result, service can be delayed or otherwise disrupted for a length of time.

It’s possible that hackers can also infiltrate your database during an attack, accessing all kinds of sensitive information. DDoS attacks can exploit security vulnerabilities and can target any endpoint that is publicly reachable through the internet.

Denial-of-service attacks can last hours, or even days. These cyber assaults can also cause multiple disruptions throughout a single attack. Both personal and business devices are susceptible to them.

Types of DDoS attacks

There are several different types of DDoS attacks. In general, a DDoS attack falls into one of three primary categories: volumetric attack, protocol attack, and resource layer attack.

  1. A volumetric attack overwhelms the network layer with traffic that initially appears to be legitimate. This type of attack is the most common form of DDoS attack. An example of a volumetric attack is DNS (Domain Name System) amplification, which uses open DNS servers to flood a target with DNS response traffic.
  2. A protocol attack causes a service disruption by exploiting a weakness in the layer 3 and layer 4 protocol stack. A SYN attack, which consumes all available server resources (thus making a server unavailable), is an example of such an attack.
  3. A resource (or application) layer attack targets web application packets and disrupts the transmission of data between hosts. Examples of this type of attack include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks.

Cyber-attackers might use one or multiple types of attacks against a network. For instance, an attack might start off as one class of attack and then morph into or combine with another threat to wreak havoc on a system.

Additionally, there are a variety of cyberattacks within each category. The number of new cyberthreats is on the rise, and expected to climb, as cybercriminals become more sophisticated.

If you suspect your network is under attack, it’s important that you act fast—on top of downtime, a DDoS attack can leave your organization vulnerable to other hackers, malware, or cyberthreats.

How to detect and respond to a DDoS attack

While there’s no one way to detect a DDoS attack, there are a few signs your network is under assault:

  • You see a surge in web traffic, seemingly out of nowhere, that’s coming from the same IP address or range.
  • You experience slow or irregular network performance.
  • Your website, online store, or other service goes completely offline.
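
The first sign above (a sudden surge dominated by one IP address or range) can be checked against web-server access logs. The following is an added example, not part of the original page: the log lines are constructed, and the one-minute window, the /24 grouping, and the thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # Common Log Format prefix

def parse(line):
    """Return (source network, minute) for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        prefix = 24 if ip.version == 4 else 48  # assumed grouping for a "range"
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    except ValueError:
        return None
    return net, ts.replace(second=0)

def find_surges(lines, factor=3.0, share=0.5, min_baseline=3):
    """Flag minutes whose volume exceeds factor x the median of earlier
    minutes while one source range supplies at least `share` of the requests."""
    per_minute = defaultdict(Counter)
    for net, minute in filter(None, map(parse, lines)):
        per_minute[minute][net] += 1
    alerts, history = [], []
    for minute in sorted(per_minute):
        counts = per_minute[minute]
        total = sum(counts.values())
        if len(history) >= min_baseline:
            net, hits = counts.most_common(1)[0]
            if total > factor * statistics.median(history) and hits / total >= share:
                alerts.append((minute, str(net), hits, total))
                continue  # keep flagged minutes out of the baseline
        history.append(total)
    return alerts

def sample_log():
    """Constructed traffic: 5 quiet minutes, plus a burst from one /24 in minute 4."""
    fmt = '{} - - [01/Mar/2024:10:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(f"10.0.{i}.7", m, i) for m in range(5) for i in range(10)]
    lines += [fmt.format(f"203.0.113.{i + 1}", 4, i) for i in range(60)]
    return lines + ["malformed line without a timestamp"]

if __name__ == "__main__":
    for minute, net, hits, total in find_surges(sample_log()):
        print(f"{minute:%H:%M} {net} sent {hits} of {total} requests")
```

A flood spread across many unrelated networks will not trip the single-range share test, which is why this is one sign among several rather than a complete detector.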

Modern software solutions can help determine potential threats. A network security and monitoring service can alert you to system changes so that you can respond quickly.

You also want to have a DDoS-attack action plan—with defined roles and procedures—so your team can take swift and decisive action against these threats. It’s important to remember that not all DDoS attacks are the same; you’ll need different response protocols in place to mitigate different attacks.

How to prevent DDoS attacks

Before a cyberthreat is on your radar, you need to have a process in place for handling one. Preparedness is key to promptly detecting and remedying an attack.

You want to:

  • Develop a denial-of-service defense strategy to help detect, prevent, and reduce DDoS attacks.
  • Identify gaps in security and assess potential threats to your setup.
  • Update any protection software or technology and ensure it’s working correctly.
  • Get your team on board and assign roles in the event of an attack.

It’s essential that you boost your efforts with products, processes, and services that help you secure your business. That way, once a threat is detected, your team is knowledgeable and empowered to act on it.

DDoS protection

Guard your network against future attacks. To help secure your business:

  • Conduct a risk analysis on a regular basis to understand which areas of your organization need threat protection.
  • Organize a DDoS-attack response team whose focus is to identify and mitigate attacks.
  • Incorporate detection and prevention tools throughout your online operations, and train users on what to look out for.
  • Evaluate the effectiveness of your defense strategy—including running practice drills—and determine next steps.

DDoS attack protection comes in many forms—from online resources to monitoring software to threat-detection tools. Learn how to thwart malicious attacks with the help of industry-leading, trusted Microsoft security experts.

Minimize your risk of a DDoS attack

Through securing your clouds and platforms, integrated security tools, and rapid response capabilities, Microsoft Security helps stop DDoS attacks across your entire organization.

Secure your organization online

Cyberthreats like DDoS attacks and malware can harm your website or online service, and negatively affect functionality, customer trust, and sales.

Detect, defend, and secure your organization. With integrated threat protection products and expert resources, you can better protect your business, online operations, and sensitive data.

Stay vigilant against threats

DDoS attacks are prevalent and cost businesses anywhere from thousands to even millions of dollars a year. With proper planning, solid resources, and trusted software, you can help minimize your risk of attack.

Stop security breaches

Stay two steps ahead. Protect against threats across devices—and identities, apps, email, data, and cloud workloads—and learn how to close gaps.

Secure your platforms, get leading security tools, and empower rapid response.

Embrace Zero Trust

Adapt to the complexity of the modern environment. Adopt Zero Trust solutions to inform your strategy and gain important insights.

Develop a strategy

Secure your organization. Create a DDoS defense strategy to detect and prevent malicious threats from harming your operation online.

Frequently asked questions


When it comes to a DDoS attack, any size organization—from small to large and every size in between—is susceptible to cyberattacks. Even AWS thwarted a major attack in 2020.


Businesses with security gaps or vulnerabilities are especially at risk. Make sure you have updated security resources, software, and tools to get ahead of any potential threats. It’s essential for all businesses to protect their websites against DDoS attacks.

An example of a DDoS attack would be a volumetric attack, one of the largest categories of DDoS attacks. In this type of attack, a cybercriminal overwhelms a website with illegitimate traffic. As a result, the website might slow down or stop working, edging out real users who are trying to access the site.


On top of slow or otherwise disrupted service, DDoS attacks can negatively affect online security, brand trust, and sales.

No, a firewall alone is typically not enough to stop a DDoS attack. A firewall acts as a protective barrier against some malware and viruses, but not all of them. A firewall is helpful in protecting your computer against cyberthreats but can only offer so much protection. Therefore, it’s important that you incorporate other threat detection, prevention, and protection tools.

Cybersecurity refers to the people, software, tools, and processes that go into protecting networks, computers, and other cyberspace operations. This expansive field aims to protect users from malicious, illegal, or unauthorized access, as well as thwart DDoS attacks, malware, and viruses.

A DDoS attack can last anywhere from a couple of hours to a couple of days. One attack might last four hours, while another might last a week (or longer). DDoS attacks can also happen once or repeatedly over a period of time and consist of more than one type of cyberattack.

An Application Layer 7 attack is an example of a resource (application) layer attack. This type of cyber assault targets the top layer in the OSI (Open Systems Interconnection) model, attacking web application packets to disrupt the transmission of data between hosts.