What Is a DDoS Attack and Why Do They Still Work?

In a broad sense, a distributed denial of service (DDoS) is a cyber attack that leverages a botnet consisting of many different devices in order to overwhelm the target with bogus requests and consequently make it unresponsive to legitimate ones.

But as is the case with most attack vectors commonly encountered nowadays, the devil is in the detail: there is an overwhelming variety of DDoS attacks, and new techniques and phenomena are recorded on an almost daily basis.

So, while this article will cover all the bases in order to serve as a good starting point for learning about DDoS attacks, no single source will teach you everything there is to know about the subject. That is the case with most cybersecurity topics, though, so you’d do well to stay up to date if you have more than a passing interest in distributed-denial-of-service attacks.

Is There a Non-distributed Denial-Of-Service Attack?

Kind of. Cybersecurity researchers generally divide DoS attacks into three broad categories: advanced persistent DoS (APDoS) attacks, application layer DoS (ALDoS) attacks, and the distributed DoS attacks we’re examining in detail here. Note that the only logic behind this division is how common a given technique archetype is; otherwise, each category is defined by something different: a DDoS by its attacker (many distributed devices), an ALDoS (more commonly referred to as a layer 7 DoS) by its target, and an APDoS by the attacker’s prep work.

If you dig deeper, you’ll even find mentions of protocol attacks (defined by their targets), volume-based attacks (defined by their strategy), degradation-of-service attacks (defined by… ok, you get the picture). In practice, there’s a lot of overlap between all of those definitions. As with many other topics related to hacking, most DDoS knowledge doesn’t fit neatly into any given definition, primarily because it evolves too fast for typical definitions to keep up.

Why Do DDoS Attacks Still Work After 25+ Years?

According to a late 2004 edition of The Internet Protocol Journal, the world’s first DDoS attack was carried out a quarter of a century ago, in September of ‘96. Its target was New York-based Panix, the third-oldest ISP on the planet.

As for its technique, the so-called SYN flood, it was pretty primitive relative to contemporary attacks. It essentially came down to several hundred (or perhaps just dozens of) clients sending TCP connection requests without waiting for, or answering, the server’s response, which left the server holding half-open connections until its table was full and legitimate connection attempts were dropped. In a pre-DSL world, that was all it took to bring down some network systems.
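To make that mechanism concrete, here is an added Python model of a server’s half-open connection table under a SYN flood; it is an illustration written for this edit, not code from the original article. The backlog capacity, the timeout, the flood rate and the event stream are all constructed values chosen to make the effect visible. It tracks how many of one legitimate client’s connection attempts succeed with and without flood traffic.

```python
from dataclasses import dataclass, field


@dataclass
class SynBacklog:
    """Toy model of a server's table of half-open (SYN_RECEIVED) connections.
    Time is counted in ticks; one tick stands for 100 ms of simulated time."""
    capacity: int        # how many half-open connections the server keeps
    timeout: int         # ticks a half-open entry survives without an ACK
    pending: dict = field(default_factory=dict)   # (src, port) -> arrival tick
    established: int = 0                          # completed handshakes

    def _expire(self, now):
        # Reclaim entries whose handshake never completed within the timeout.
        stale = [k for k, t0 in self.pending.items() if now - t0 >= self.timeout]
        for key in stale:
            del self.pending[key]

    def syn(self, now, src, port):
        """Incoming SYN; returns True if the server could queue it."""
        self._expire(now)
        key = (src, port)
        if key in self.pending:
            return True                       # retransmit of an already queued SYN
        if len(self.pending) >= self.capacity:
            return False                      # table full: the SYN is silently dropped
        self.pending[key] = now
        return True

    def ack(self, now, src, port):
        """Final ACK of the handshake; returns True if a matching SYN was queued."""
        self._expire(now)
        if self.pending.pop((src, port), None) is None:
            return False                      # nothing queued, so no connection
        self.established += 1
        return True


def simulate(flood_per_tick, capacity=128, timeout=30, ticks=100):
    """Constructed scenario: each tick, `flood_per_tick` SYNs arrive from distinct
    sources that never complete the handshake, while one legitimate client sends
    a SYN every 10 ticks and the matching ACK one tick later."""
    table = SynBacklog(capacity, timeout)
    legit_attempts = legit_refused = 0
    for now in range(ticks):
        for i in range(flood_per_tick):
            table.syn(now, f"flood-{now}-{i}", 1)     # constructed source label
        if now % 10 == 0:
            legit_attempts += 1
            if not table.syn(now, "legit", now):
                legit_refused += 1
        elif now % 10 == 1:
            table.ack(now, "legit", now - 1)
    return {"legit_attempts": legit_attempts,
            "established": table.established,
            "legit_refused": legit_refused}


if __name__ == "__main__":
    print("no flood        :", simulate(0))
    print("100 SYN/s flood :", simulate(10))
```

Running it shows that once the flood fills the table faster than stale entries expire, every later legitimate SYN is dropped even though the flood itself carries almost no bandwidth, which is why this worked so well against mid-1990s stacks. Modern kernels narrow that window by reclaiming half-open entries sooner or, with SYN cookies, by not storing per-SYN state at all until the handshake completes.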

Yet DDoS attacks have only gained momentum since then. Due to that persistent trend, the record for history’s largest DDoS attack is often broken several times in a single calendar year, and the overall annual volume of such attacks is currently close to doubling, according to a 2020 cybersecurity report from Neustar.

Therefore, asking why DDoS attacks still work is hardly the central question right now, since from a pure numbers perspective you could argue that they are working better than ever. The key to their longevity is twofold: the extremely broad definition of what constitutes a DDoS attack in the first place, and the fact that you can’t really make a typical network completely invulnerable to such shenanigans.

Another important factor contributing to the persistence of DDoS attacks is their accessibility: launching a primitive SYN flood or something of the sort can be as easy as downloading a few scripts, provided you know what you’re looking for. The general availability of exploits for low-level DDoS vectors is arguably the sole reason the term “script kiddie” even exists.

One final thing illustrating how easily achievable DDoS attacks are is the fact that they can even be accidental. If a piece from some obscure website suddenly goes viral on social media or a content aggregator such as Reddit, there’s always the possibility of its servers getting a so-called “hug of death”.

Its servers can consequently begin refusing requests because they’re overwhelmed with legitimate traffic. Even an unsuccessful DDoS attack, intentional or not, can significantly slow down a given website or online app.

There’s No Such Thing as DDoS Prevention – Only Mitigation

Since it’s not economically feasible to make any given server completely invulnerable to DDoS attacks, guarding against them comes down to mitigation techniques focused on risk management. Most of those focus on identifying suspect traffic patterns, i.e. requests not made by humans.

In other words, you have DDoS attacks to thank for the existence of those annoying CAPTCHAs. And while manual DDoS defense mechanisms were also a thing in the past, botnets and other bogus traffic sources have become so sophisticated that contemporary DDoS mitigation solutions are almost exclusively cloud-based and automated.
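As an added example (not the article’s own code, nor any vendor’s product), the Python below applies the simplest form of that pattern identification to constructed access-log lines: a per-source sliding-window rate check that flags individual clients making far more requests than a person would, plus a summary that separates that case from a surge spread across many sources (the “hug of death” from the previous section), where no single IP is abusive and per-IP blocking cannot help. The log format, the thresholds and the IP addresses (from the 203.0.113.0/24 documentation range) are all constructed.

```python
from collections import defaultdict, deque


def parse_line(line):
    """Parse one constructed log line of the form '<unix_ts> <client_ip> <path>'."""
    ts, ip, path = line.split()
    return float(ts), ip, path


def flag_sources(log_lines, window=10.0, max_per_window=20):
    """Return the set of client IPs that sent more than `max_per_window`
    requests inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip, _ in sorted(parse_line(l) for l in log_lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # evict timestamps that fell out of the window
            q.popleft()
        if len(q) > max_per_window:
            flagged.add(ip)
    return flagged


def summarize(log_lines, window=10.0, max_per_window=20, surge_sources=100):
    """Classify a traffic sample: 'per-source abuse' (rate-limit or challenge those
    IPs), 'distributed surge' (many sources, none individually abusive: only
    capacity, caching or a challenge page helps), or 'normal'."""
    flagged = flag_sources(log_lines, window, max_per_window)
    sources = {parse_line(l)[1] for l in log_lines}
    if flagged:
        verdict = "per-source abuse"
    elif len(sources) >= surge_sources:
        verdict = "distributed surge"
    else:
        verdict = "normal"
    return {"requests": len(log_lines), "sources": len(sources),
            "flagged": sorted(flagged), "verdict": verdict}


def make_traffic(n_sources, per_source, spacing, start=0.0):
    """Constructed sample traffic: n_sources IPs (at most 254) from 203.0.113.0/24,
    each sending per_source requests `spacing` seconds apart."""
    lines = []
    for i in range(1, n_sources + 1):
        for j in range(per_source):
            lines.append(f"{start + j * spacing:.3f} 203.0.113.{i} /index.html")
    return lines


if __name__ == "__main__":
    print("3 bots, 50 requests each in 5 s :", summarize(make_traffic(3, 50, 0.1)))
    print("200 readers, 1 request each     :", summarize(make_traffic(200, 1, 0.0)))
    print("5 regulars, 10 requests each    :", summarize(make_traffic(5, 10, 1.0)))
```

The point of the summary is that the same 200-request burst can be three bots hammering a page or 200 readers arriving from a viral post; only the per-source distribution tells them apart, and in the second case the sensible response is caching or capacity rather than blocking, which is exactly why automated mitigation services fall back on a challenge such as a CAPTCHA when rate limits alone are inconclusive.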

Does a VPN Prevent DDoS Attacks?

Yes, a virtual private network can protect you against most types of DDoS attacks. In fact, that’s the main reason we’re digging deeper into this subject matter in the first place. At this point, you should at least have a vague idea of what DDoS attacks are and how they happen. Now, if we add a VPN to the equation… well, everything falls apart from an attacker’s perspective.

Without the ability to resolve your true IP address, the attacker is unable to target your smartphone, tablet, PC, or whatever it is you’re using to access the Internet, meaning your actual machine cannot be added to their botnet.

In the worst-case scenario, your VPN server or proxy will fall prey to the attacker’s methods, which usually won’t affect you beyond making your connection unresponsive for a couple of seconds, until the intermediary obfuscating your IP address automatically reconnects you to an unaffected server node.

If you really want to get technical, the actual worst-case scenario is that you have to do that reconnecting manually. If you don’t have to, companies will usually advertise that automatic reconnection as “DDoS protection” or something of the sort.

Even the mere possibility of your VPN falling victim to a DDoS attack is a stretch, because most service providers nowadays have much more robust anti-DDoS protections in place than the average netizen. Being targeted by DDoS attacks is a much more realistic threat to modern VPNs than having their infrastructure absorbed into a botnet meant to power DDoS attacks.

Now, there is one notable exception to this – if a hacker already knows your real IP address because they obtained it before you established a secure Internet connection. Not even a triple VPN will help you in that case, and your only bet is to get a new IP address – not from your VPN provider, but from your ISP. Most support dynamic IPs these days, so that shouldn’t be a problem.

Regardless, if you suspect you’re the target of a DDoS attack, with or without a VPN, consult the applicable local regulations, because such cyber attacks at the very least constitute harassment in most parts of the world and are hence illegal.

By Dominik Bosnjak

A long-time VPN-user-turned-advocate who spends more time scrutinizing VPN providers on a daily basis than he’d like to admit. When he isn’t writing about them, he’s covering general tech news, spending time with his dog, playing video games, or both. The Shih Tzu in question is the only remaining creature in Dominik’s life who hasn’t told him they’re sick of him talking about best VPN practices and the government-sponsored erosion of digital privacy that has made using the Internet less convenient over the years. He occasionally dabbles in video editing, Wall Street memes, and demonstrating a remarkable lack of guitar-playing ability.