DDoSPedia is a glossary that focuses on network and application security terms with many DDoS-related definitions. It provides a central place for hard to find web-scattered definitions on this topic.
Distributed Denial of Service attacks or DDoS attacks are a variant of Denial-of-Service attacks where an attacker or a group of attackers employ multiple machines to carry out a DoS attack simultaneously, therefore increasing its effectiveness and strength. The "army" carrying out the the distributed denial of service attacks are mostly often composed of innocent infected zombie computers manipulated as bots and being part of a botnet
controlled by the attacker via a Command and Control Server. A botnet is powerful, well-coordinated and could count millions of computers. It also insures the anonymity of the original DDoS attack since the distributed denial of service attack traffic originates from the bots' IPs rather than the attacker's. In some cases, mostly in ideological DDoS attacks, this "army" could also be composed of recruited hackers/hacktivits participating in large distributed denial of service attack campaigns ( Operation Blackout
Distributed denial of services attacks are hard to detect and block since the attack traffic is easily confused with legitimate traffic and difficult to trace.
There are many
types of DDoS attacks
targeting both the network and the application layers. They could be classified upon their impact on the targeted computing resources (saturating bandwidth, consuming server's resources, exhausting an application) or upon the targeted resources as well: