DDoS Protection Glossary

DigitalOcean’s DDoS Protection service provides always-on protection from Distributed Denial of Service (DDoS) attacks for your resources. The service monitors your resources for malicious or questionable volumes of incoming traffic and either mitigates or blocks traffic to the resource until the event has concluded.

This glossary defines the core concepts behind DNS to help build your mental model of how DDoS Protection works and understand what the documentation is referring to when it uses certain terminology.

Distributed Denial-of-Service (DDoS) attacks are a type of cyber-attack in which bad actors overwhelm servers, routers, load balancers, or applications with incoming connections to render them inaccessible. DDoS attacks use one or more of the following methods to do so:

• Volumetric attacks: This type of attack overwhelms the resource’s bandwidth with a flood of traffic to keep normal traffic from reaching the resource. This includes: UDP floods, ICMP floods, TCP floods, and DNS reflection attacks.

• Protocol layer attack: This type of attack over-consumes network resources on a server, load balancer, or firewall, slowing down the target resource until it becomes inaccessible. This attack targets the network, transports layers of the OSI stack, and leverages exploits in network protocols. This includes: SYN floods, BGP attacks, and Ping-of-Death attacks.

• Application layer attack: This type of attack targets software running on the resource, such as Web Application Firewalls (WAF) and web server applications. For example, these attacks may attempt to open and maintain an abnormally large number of connections to a web server, or bombard an application with large POST payloads. These attacks can be particularly effective because they consume both application-level and network-level resources. This includes: BGP hijacking, HTTP and HTTPS floods, and Slowloris attacks. DDoS Protection does not protect against application layer attacks.

• Multi-vector Attack: This type of attack simultaneously targets application and network level resources. Unlike single vector attacks, multi-vector attacks use several different types of traffic to overwhelm the target, such as flooding the target with HTTP traffic and UDP traffic.

DDoS Attack

Distributed Denial-of-Service (DDoS) attacks are a type of cyber-attack in which bad actors overwhelm servers, routers, load balancers, or applications with incoming connections to render them inaccessible.

DDoS Mitigation

DDoS mitigation is a countermeasure against DDoS attacks where a resource undergoing high amounts of traffics automatically inspects incoming connections and either filters out malicious ones (knows as “scrubbing”) or redirects them to a non-existent endpoint (known as a “blackhole”), in order to not overwhelm the resource.