A Beginner’s Guide to DDoS Attack and Protection

A Beginner’s Guide to DDoS: Mechanics, Attack Types, and Protection

In the current Australian cyber threat landscape, availability is just as important as confidentiality. While data breaches make headlines, Distributed Denial of Service (DDoS) attacks can silently cripple a business, costing thousands of dollars in lost revenue for every minute a site is down.

For IT managers and business owners, the question is not just "what is it?" but "how do you DDoS-proof a network?" To answer that, we must first understand the mechanics of the attack itself.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Think of it like a physical shop entrance. If one person stands in the doorway (a standard DoS attack), security can easily remove them. But if a large number of people crowd the door simultaneously, blocking legitimate customers from entering, the shop effectively ceases to function.

In the digital world, the goal is to send so much "junk" traffic that the server cannot process legitimate traffic, causing the site to slow to a crawl or crash completely.

The Mechanics: How Do You DDoS a Modern Network?

People searching for "ddos attack how to" or "how to dos" are usually trying to understand the architecture behind these assaults, and that architecture is exactly what a defender needs to understand too.

A standard DoS attack typically comes from a single source, which makes it easy to block. A DDoS attack instead relies on a network of compromised machines, known as a botnet (or, in reflection attacks, on third-party servers tricked into sending traffic on the attacker's behalf).

  1. Recruitment: Attackers infect thousands of vulnerable computers, servers and, increasingly, IoT devices (smart cameras, routers) with malware, usually by exploiting default credentials or unpatched software.

  2. Command and Control (C2): The attacker issues instructions to the infected devices remotely, without their owners noticing.

  3. The Attack: The attacker sends a single command to the botnet, and thousands (or millions) of devices start sending traffic to the target simultaneously.

Because the traffic arrives from ordinary, compromised devices spread across many networks, it cannot be blocked by source address alone, and telling it apart from legitimate traffic is difficult.

Common Types of DDoS Attacks

Not all attacks are the same. Understanding the types of attack is critical for selecting the right DDoS protection. They generally fall into three categories:

1. Volumetric Attacks

These are the most common. The goal is to saturate the target's network link, so they are measured in bits per second.

  • UDP Floods: Attackers send vast numbers of UDP packets to random ports on the host. For each one the host checks for an application listening on that port, finds none, and replies with an ICMP "Destination Unreachable" packet. The inbound packets consume link bandwidth and the lookups and replies consume CPU; most hosts rate-limit ICMP errors, so in practice the link fills before the host does.

  • DNS Amplification: This is what makes a volumetric attack efficient. The attacker sends a small DNS query to a third-party server (typically an open resolver) with the source address spoofed to the victim's IP. The server sends its much larger response to the victim, so each byte the attacker sends becomes many bytes at the target. The attack depends on networks that let spoofed packets out and on publicly reachable resolvers; source-address validation at ISPs (BCP 38) and closing open resolvers remove the amplifier.

2. Protocol Attacks (State-Exhaustion)

These attacks target the connection-state tables kept by firewalls, load balancers and the servers themselves. They are measured in packets per second rather than in bandwidth.

  • SYN Flood: The attacker sends a stream of SYN packets (the first step of the TCP three-way handshake), often from spoofed addresses, and never completes the handshake. Each half-open connection occupies an entry in the server's backlog until it times out, so a sufficient rate of SYNs fills the table and new legitimate connections are refused. SYN cookies, which let the server avoid storing state until the handshake completes, are the standard host-side defense.

3. Application Layer Attacks (Layer 7)

These are the most insidious. They don't target bandwidth; they target the application itself, so the traffic volume can look entirely normal and the attack is measured in requests per second.

  • HTTP Floods: The attacker sends what look like legitimate HTTP requests (e.g., "GET /index.html" or "POST /login"). Because generating each page costs the server and database processing time, a large number of these requests can exhaust the application servers and database even with low bandwidth usage, and each request on its own is indistinguishable from a real user's.
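To make the three categories concrete, here is an added example (not code from the original article) that classifies constructed flow records, in the shape a NetFlow-style exporter would produce, into volumetric, protocol and application-layer attacks using the tell-tale signs described above: unsolicited large replies from port 53, packets sprayed across many UDP ports, half-open TCP connections from many sources, and many completed connections to the web ports carrying little data. The Flow class, the thresholds, the victim address and the sample traffic are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow summary, in the shape a NetFlow/IPFIX exporter emits."""
    src: str
    dst: str
    proto: str       # "TCP" or "UDP"
    sport: int
    dport: int
    packets: int
    octets: int      # bytes carried by the flow
    flags: str = ""  # TCP flags seen on the flow: "S" = SYN only, "PA" = data after handshake


def classify(flows, victim, min_reflectors=5, udp_ports=50, syn_sources=20, http_requests=200):
    """Return {category: evidence} for traffic aimed at `victim`.

    Thresholds are constructed so the sample below trips them; in production
    they come from a baseline of the site's normal traffic.
    """
    flows = list(flows)
    findings = {}
    inbound = [f for f in flows if f.dst == victim]
    # UDP destinations the victim itself talked to, so its own DNS replies are not flagged.
    asked = {(f.dst, f.dport) for f in flows if f.src == victim and f.proto == "UDP"}

    # 1a. Volumetric, DNS amplification: large replies from port 53 that answer
    #     queries the victim never sent (the attacker sent them with a spoofed source).
    amp = [f for f in inbound if f.proto == "UDP" and f.sport == 53 and (f.src, 53) not in asked]
    reflectors = {f.src for f in amp}
    if len(reflectors) >= min_reflectors:
        findings["volumetric/dns-amplification"] = {
            "reflectors": len(reflectors),
            "bytes": sum(f.octets for f in amp),
            "avg_packet_bytes": sum(f.octets for f in amp) // sum(f.packets for f in amp),
        }

    # 1b. Volumetric, UDP flood: packets sprayed across many random destination ports.
    ports_hit = {f.dport for f in inbound if f.proto == "UDP" and f.sport != 53}
    if len(ports_hit) >= udp_ports:
        findings["volumetric/udp-flood"] = {"distinct_ports": len(ports_hit)}

    # 2. Protocol, SYN flood: many sources leave half-open connections (SYN, never ACKed).
    half_open = defaultdict(set)
    for f in inbound:
        if f.proto == "TCP" and f.flags == "S":
            half_open[f.dport].add(f.src)
    for port, sources in half_open.items():
        if len(sources) >= syn_sources:
            findings["protocol/syn-flood"] = {"port": port, "half_open_sources": len(sources)}

    # 3. Application layer, HTTP flood: handshakes complete and each short-lived
    #    connection carries a request; the byte count stays low, so only the
    #    request count gives the attack away.
    web = [f for f in inbound if f.proto == "TCP" and f.dport in (80, 443) and "A" in f.flags]
    if len(web) >= http_requests:
        findings["application/http-flood"] = {
            "requests": len(web),
            "sources": len({f.src for f in web}),
            "bytes": sum(f.octets for f in web),
        }
    return findings


def sample_flows(victim="203.0.113.10"):
    """Constructed traffic: one legitimate DNS exchange plus one attack of each type.
    All addresses are from the RFC 5737 documentation ranges."""
    flows = [
        Flow(victim, "198.51.100.200", "UDP", 40001, 53, 1, 70),    # victim asks its resolver
        Flow("198.51.100.200", victim, "UDP", 53, 40001, 1, 180),   # normal-sized answer
    ]
    # DNS amplification: 30 open resolvers each send ten 3000-byte answers the victim never requested.
    flows += [Flow(f"192.0.2.{i + 1}", victim, "UDP", 53, 33000 + i, 10, 30000) for i in range(30)]
    # UDP flood: one source hits 80 different high ports.
    flows += [Flow("192.0.2.200", victim, "UDP", 5555, 1024 + 7 * p, 1, 1400) for p in range(80)]
    # SYN flood: 60 (spoofed) sources each leave one half-open connection on port 443.
    flows += [Flow(f"198.51.100.{i + 1}", victim, "TCP", 50000 + i, 443, 3, 180, "S") for i in range(60)]
    # HTTP flood: 25 bots complete the handshake and each fires 10 requests over separate connections.
    flows += [Flow(f"203.0.113.{100 + b}", victim, "TCP", 40000 + j, 443, 8, 1200, "PA")
              for b in range(25) for j in range(10)]
    return flows


if __name__ == "__main__":
    for category, evidence in classify(sample_flows(), "203.0.113.10").items():
        print(f"{category:32} {evidence}")
```

Run as a script it prints one line per category found. The thresholds here are deliberately low; on a real network they must come from a baseline of normal traffic, and a flow-level view like this cannot see inside HTTP requests, which is the gap a WAF fills.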

The Motivation: Why Attackers Do It

Why would someone expend resources to crash your site?

  • Extortion: This is rising in Australia. Attackers demonstrate a small attack, then demand a ransom to stop a larger one.

  • Smoke-Screening: Attackers use DDoS to distract your security team while they perform a more subtle data breach or injection attack elsewhere.

  • Business Competition: Unscrupulous competitors may hire "DDoS-for-hire" services to take your site offline during peak sales periods.


Protection Strategies: How to Defend Your Infrastructure

To mitigate these threats, a traditional firewall alone is not enough; a stateful firewall keeps its own connection table, which a protocol attack can fill just as easily as the server's. You need a multi-layered strategy.

Rate Limiting

Rate limiting restricts the number of requests a client (usually identified by IP address) can make within a window of time. It helps against a single noisy source, but it does little against a botnet in which each of thousands of addresses stays under the per-client limit, so it must be combined with site-wide limits and with tighter limits on expensive endpoints such as login or search.
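The weakness is easy to show. The following added example (not code from the original article) implements a sliding-window rate limiter and runs it over two constructed floods: 5,000 requests from one address, and 25,000 requests from 500 bots that each stay under the per-IP limit. The limits, the window and the addresses are assumptions chosen for the demonstration.

```python
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key in any `window`-second span."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = {}  # key -> deque of request timestamps still inside the window

    def allow(self, key, now):
        """Record a request at time `now` and report whether it is within the limit."""
        q = self._hits.setdefault(key, deque())
        while q and now - q[0] >= self.window:   # expire timestamps that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(requests, per_ip_limit=100, global_limit=2000, window=60):
    """Run (timestamp, client_ip) requests through a per-IP limiter, then a
    site-wide one, and return how many survive each layer."""
    per_ip = SlidingWindowLimiter(per_ip_limit, window)
    site = SlidingWindowLimiter(global_limit, window)
    after_per_ip = after_global = 0
    for t, ip in sorted(requests):
        if not per_ip.allow(ip, t):
            continue
        after_per_ip += 1
        if site.allow("site", t):
            after_global += 1
    return {"total": len(requests), "after_per_ip": after_per_ip, "after_global": after_global}


def single_source_flood(n=5000):
    """Constructed: one script sending 5,000 requests from one address in a minute."""
    return [(i * 60 / n, "192.0.2.7") for i in range(n)]


def botnet_flood(bots=500, per_bot=50):
    """Constructed: 500 bots, each staying under the 100/min per-IP cap,
    together producing 25,000 requests in the same minute."""
    def addr(b):  # distinct address per bot, from the RFC 5737 documentation ranges
        return f"192.0.2.{b}" if b < 256 else f"198.51.100.{b - 256}"
    return [(j * 60 / per_bot, addr(b)) for b in range(bots) for j in range(per_bot)]


if __name__ == "__main__":
    print("single source:", simulate(single_source_flood()))
    print("botnet:       ", simulate(botnet_flood()))
```

The per-IP limiter stops the single-source flood at 100 requests but admits every one of the botnet's 25,000; only the site-wide cap holds the line, and a site-wide cap cannot tell a bot from a customer, so it throttles both. That collateral damage is why rate limiting is a first layer rather than the whole defense.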

Web Application Firewalls (WAFs)

Web Application Firewalls (WAFs) are essential for stopping application layer attacks. A WAF sits between the internet and your server, inspecting HTTP requests for malicious patterns (such as SQL injection, known bot signatures, or abnormal request rates and user agents) and blocking them before they reach your application and database. A WAF cannot help against a volumetric attack that saturates the link in front of it, which is why it is one layer and not the whole answer.

Traffic Scrubbing and Cloud Mitigation

For volumetric attacks, on-premise hardware often fails because the pipe simply fills up before any device behind it can act. Cloud-based DDoS protection services act as a massive filter. They accept all traffic meant for your website, "scrub" the bad requests at their data centers, and forward only the legitimate traffic to your server. This only works if attackers cannot reach your origin server directly: restrict the origin to accept traffic only from the scrubbing provider's address ranges, and keep the origin's IP address out of public DNS.


Understanding "how to dos" or the mechanics of a botnet isn't about learning to hack; it's about learning to survive. As insecure IoT devices proliferate, the scale of DDoS attacks will only grow.

Organizations must move beyond reactive measures. You need to baseline your normal traffic so that anomalies stand out, implement robust WAFs, and regularly stress-test your environment (with your hosting and mitigation providers' agreement) to ensure your defenses actually work when the flood arrives.

Is your infrastructure resilient enough to withstand a DDoS attack? Don't wait for your server to crash to find out. Contact Lean Security today to discuss our stress-testing and web application security services.