A DDoS attack (Distributed Denial of Service attack) is a cyber attack in which many compromised or controlled sources send a flood of traffic or requests to a target system, service, or network. The aim is to exhaust the target’s resources—bandwidth, CPU, memory, or connection capacity—so that legitimate users can no longer access the service. The “distributed” part means the traffic comes from a large number of sources (often a botnet), making it harder to block than an attack from a single IP.
How does a DDoS attack work? Attackers typically use a network of infected or controlled devices (a botnet) to send huge volumes of traffic or connection requests to the target at the same time. The target’s servers, firewalls, or upstream links become overloaded and start dropping requests or slowing down. As a result, real users see timeouts, errors, or very slow responses. The attack can last from minutes to days, and the target often does not know who is attacking or how to stop the traffic without affecting normal users.
DDoS attacks are often grouped into three main types. Volumetric attacks aim to saturate the target’s bandwidth with a flood of traffic (e.g. UDP or DNS amplification). Protocol attacks exploit how network protocols work (e.g. SYN flood) to exhaust connection or state resources. Application-layer attacks (Layer 7) target web applications with HTTP requests (GET, POST, etc.) and can be effective with less traffic because they hit the application logic and backend. In practice, attacks may combine more than one type.
The impact of a DDoS attack can be severe: service downtime, loss of revenue and customers, reputational damage, and extra cost for mitigation and recovery. For e-commerce, finance, healthcare, or public services, even a short outage can have legal, contractual, or regulatory consequences. That is why understanding what a DDoS attack is and how to defend against it is important for any organisation that depends on online availability.
DDoS protection and mitigation include over-provisioning capacity, using a DDoS mitigation service or “scrubbing” centre that filters attack traffic, deploying a Web Application Firewall (WAF), and applying rate limiting and traffic analysis. Many organisations also use CDNs and cloud providers that absorb part of the traffic. The right mix depends on your architecture, budget, and risk level.
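As an added illustration of the rate limiting and traffic analysis mentioned above (example code, not taken from this page or from any product it names), the sketch below replays two constructed request streams through a per-source sliding-window limiter and an aggregate request counter. The window length, both thresholds, and all addresses are assumptions chosen for the demonstration; it shows why a per-IP limit stops a single noisy source but needs an aggregate signal to notice a distributed flood.

```python
from collections import defaultdict, deque

class FloodMonitor:
    """Per-source sliding-window limiter plus an aggregate request-rate check."""

    def __init__(self, window=10.0, per_ip_limit=20, global_limit=100):
        self.window = window              # seconds (assumed value)
        self.per_ip_limit = per_ip_limit  # allowed requests per source per window
        self.global_limit = global_limit  # assumed baseline for all sources combined
        self.per_ip = defaultdict(deque)  # source IP -> timestamps of allowed requests
        self.total = deque()              # timestamps of every request seen

    def _trim(self, q, now):
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()

    def observe(self, ts, ip):
        """Record one request; return (allowed, aggregate_alert)."""
        q = self.per_ip[ip]
        self._trim(q, ts)
        self._trim(self.total, ts)
        self.total.append(ts)
        allowed = len(q) < self.per_ip_limit
        if allowed:
            q.append(ts)
        return allowed, len(self.total) > self.global_limit

def replay(events):
    """Feed time-ordered (timestamp, ip) events; return (blocked_count, alerted)."""
    mon, blocked, alerted = FloodMonitor(), 0, False
    for ts, ip in events:
        allowed, alert = mon.observe(ts, ip)
        blocked += not allowed
        alerted = alerted or alert
    return blocked, alerted

def single_source():
    # Constructed sample: one address sends 50 requests in 5 seconds.
    return [(i * 0.1, "198.51.100.7") for i in range(50)]

def distributed():
    # Constructed sample: 300 addresses send 2 requests each within 6 seconds.
    events = []
    for n in range(600):
        i = n % 300
        events.append((n * 0.01, f"10.0.{i // 250}.{i % 250}"))
    return events

if __name__ == "__main__":
    print("single source:", replay(single_source()))
    print("distributed:  ", replay(distributed()))
```

In the distributed stream no source ever reaches its own limit, so only the aggregate counter signals a problem; that signal is what would trigger upstream measures such as a scrubbing service or WAF rules.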
To be prepared, it is not enough to know what a DDoS attack is in theory; you need to test how your systems and defences behave under attack-like load. DDoS simulation is a controlled way to do this: you run traffic that mimics a DDoS attack against your own (or authorised) target, with defined duration and intensity, and you can stop it at any time. Simulations help find weak points, tune mitigation rules, and train your team without waiting for a real incident.
Running a DDoS simulation requires a platform where you control the target, duration, and traffic type and can get clear reports. You can then improve firewall, WAF, and mitigation settings based on real data. Engarde DDoS is a cloud-based DDoS simulation platform that supports multiple attack types (HTTP, TCP, UDP, ICMP, DNS, etc.) with full control and reporting. For more on why and how to run controlled simulations, see our article on DDoS simulation and network security.
For detailed steps, see our documentation and training center pages. For product-level details, see Engarde DDoS and LoadEng.