DDoS
Definition
Distributed Denial of Service: an attack that overwhelms a service with traffic from many sources, disrupting normal operations and causing downtime.
Use Cases
- GitHub: Maintaining availability of a large developer platform during high-volume DDoS attacks — GitHub has publicly described using DDoS mitigation from its network providers and traffic-scrubbing/mitigation partners to absorb and filter malicious traffic before it reaches origin infrastructure. (Improved service resilience and continued availability during major attack events by reducing malicious traffic impact on application servers.)
- Cloudflare: Protecting customer websites and APIs from volumetric and application-layer DDoS attacks — Cloudflare operates a globally distributed edge network that absorbs traffic, applies rate limiting and filtering, and uses automated detection/mitigation to block attack traffic close to its source. (Reduced downtime risk for customers and improved performance by serving and filtering traffic at the edge.)
Provider Equivalents
- AWS: AWS Shield
- Azure: Azure DDoS Protection
- GCP: Cloud Armor
- OCI: OCI DDoS Protection
Frequently Asked Questions
- What's the difference between a DDoS attack and a DoS attack?
  - A DoS (Denial of Service) attack usually comes from a single source trying to overwhelm a target. A DDoS (Distributed Denial of Service) attack comes from many sources at once (often a botnet), making it harder to block because the traffic is spread across many IPs and locations.
- When should I use DDoS protection?
  - Use DDoS protection if your service is internet-facing (websites, APIs, gaming, e-commerce, SaaS), if downtime would be costly, or if you’ve seen suspicious traffic spikes. It’s especially important when you run behind public load balancers, have fixed bandwidth limits, or must meet availability/security requirements.
- How much does DDoS protection cost?
  - Costs depend on the provider and the level of protection. Some baseline DDoS defenses are included with cloud platforms, while advanced tiers add monthly fees and may include features like enhanced detection, cost protection, and response support. You may also pay indirectly for attack traffic via bandwidth, load balancer, or logging/monitoring charges, so pricing factors include traffic volume, protected resources, and whether you need advanced WAF/rate-limiting features.
Category: security
Difficulty: intermediate