DDoSPedia is a glossary that focuses on network and application security terms with many DDoS-related definitions. It provides a central place for hard to find web-scattered definitions on this topic.
Distributed Denial of Service attacks or DDoS attacks are a variant of Denial-of-Service attacks where an attacker or a group of attackers employ multiple machines to carry out a DoS attack simultaneously, therefore increasing its effectiveness and strength. The "army" carrying out the attack is mostly often composed of innocent infected zombie computers manipulated as bots and being part of a
botnet controlled by the attacker via a Command and Control Server. A botnet is powerful, well coordinated and could count millions of computers. It also insures the anonymity of the original attacker since the attack traffic originates from the bots' IPs rather than the attacker's. In some cases, mostly in ideological DDoS attacks, this "army" could also be composed of recruited hackers/hacktivits participating in large distributed denial of service attack campaigns (
Operation Payback etc.).
DDoS attacks are hard to detect and block since the attack traffic is easily confused with legitimate traffic and difficult to trace.
There are many types of DDoS attacks targeting both the network and the application layers. They could be classified upon their impact on the targeted computing resources (saturating bandwidth, consuming server's resources, exhausting an application) or upon the targeted resources as well: