
DDoS – Definition, Use Cases and Best Practices at a Glance

A cyber attack in which thousands of compromised devices send huge numbers of requests to a target system to overwhelm it and make it unavailable.

What is a DDoS Attack? Definition, Protection & Defence Strategies

DDoS (Distributed Denial of Service) attacks are among the most common and feared cyber threats. In 2025 over 15 million DDoS attacks were recorded worldwide – and the trend is rising. A successful DDoS can take down websites, APIs and entire IT infrastructures for minutes to days and causes average costs of €20,000–40,000 per hour of downtime. The good news: with the right preparation and modern protection, DDoS attacks can be effectively mitigated.

This glossary entry gives you a clear definition of DDoS, practical use cases and best practices at a glance, with examples, pros and cons, and FAQs.

What is DDoS?


A DDoS attack is a cyber attack in which an attacker uses a network of compromised devices (botnet) to overwhelm a target with a flood of requests. Unlike a simple DoS (from one machine), DDoS traffic comes from thousands to millions of distributed sources, making defence much harder. Types include volumetric attacks (e.g. UDP flood) that saturate bandwidth, protocol attacks (e.g. SYN flood) that exhaust server resources, and application-layer attacks (e.g. HTTP flood) targeting web apps. Modern attacks often combine all three.

How does DDoS work?

The attacker first builds a botnet – compromised computers, IoT devices (cameras, routers) or cloud instances. A command-and-control server triggers the attack. All bots send requests to the target at once; volumetric attacks can reach several terabits per second. The target server or upstream network is overloaded and legitimate users cannot reach the service.

Modern attacks use amplification (e.g. DNS amplification) where small requests trigger large responses and multiply attack traffic.

Practical Examples

  1. The 2016 Mirai botnet used hundreds of thousands of IoT devices and took down DNS provider Dyn – Twitter, Netflix, Reddit and Spotify were unreachable for hours.

  2. A German online shop is hit with a 50 Gbit/s attack during Black Friday week – thanks to Cloudflare DDoS Protection the shop stays up and the attack is mitigated.

  3. A competitor hires DDoS-as-a-Service for €50 and takes down a rival’s site for hours – a growing form of cybercrime.

  4. A gaming server is hit with an application-layer attack on resource-heavy API endpoints and the database is overwhelmed.

  5. A bank defends against a multi-vector attack: volumetric UDP flood plus targeted HTTP flood on the login page – only multi-layer defence succeeds.

Typical Use Cases

  • Website protection: CDN and WAF protect public sites from overload

  • API protection: Rate limiting and anomaly detection protect APIs from layer-7 DDoS

  • Infrastructure protection: Network-level DDoS mitigation at cloud and hosting providers

  • Gaming & streaming: Protection for real-time services that are attractive DDoS targets

  • Finance: Multi-layer DDoS defence for regulated, high-availability platforms

Advantages and Disadvantages

Advantages

  • Modern DDoS services detect and filter attacks automatically within seconds
  • CDN-based protection absorbs attack traffic across a global network
  • ML-based detection increasingly distinguishes legitimate traffic from attacks
  • Always-on protection: Services like Cloudflare or AWS Shield protect continuously
  • Scalable defence: Cloud mitigation scales with attack volume

Disadvantages

  • Cost: Enterprise DDoS protection can cost several thousand euros per month depending on bandwidth and level
  • No 100% guarantee: Very large or novel attacks can overwhelm even professional services briefly
  • Latency: Mitigation proxies can slightly increase response time for legitimate users
  • False positives: Aggressive filtering can block legitimate users or bots

Frequently Asked Questions about DDoS

How can I protect against DDoS attacks?

A multi-layer approach works best: 1) CDN with built-in DDoS protection (Cloudflare, AWS CloudFront) as first line. 2) Rate limiting and WAF for application-layer protection. 3) Anycast network to spread attack traffic across many locations. 4) Auto-scaling to absorb short spikes. 5) Incident plan with clear escalation and prepared countermeasures.
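The rate-limiting layer from step 2, as an added example that is not code from the original page: a per-client token bucket that charges more for expensive endpoints, plus a shared per-endpoint budget for floods spread across many source IPs. The class names, endpoint paths, costs and rates are assumptions chosen for illustration.

```python
import time

class TokenBucket:
    """Refills `rate` tokens per second up to `capacity` (the allowed burst)."""
    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.updated = capacity, None

    def take(self, cost, now):
        if self.updated is not None:
            elapsed = max(0.0, now - self.updated)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

# Constructed values: routes that are expensive for the backend cost more tokens.
ENDPOINT_COST = {"/login": 5.0, "/api/search": 3.0}
DEFAULT_COST = 1.0

class Layer7Limiter:
    def __init__(self, client_rate=1.0, client_burst=10.0,
                 endpoint_rate=50.0, endpoint_burst=100.0, clock=time.monotonic):
        self.client_cfg = (client_rate, client_burst)
        self.endpoint_cfg = (endpoint_rate, endpoint_burst)
        self.clock = clock
        # No eviction here; a deployment needs TTL/LRU eviction so the table
        # of per-client state cannot itself be exhausted.
        self.clients, self.endpoints = {}, {}

    def allow(self, client_ip, path):
        """Return the HTTP status to answer with: 200, 429 or 503."""
        now = self.clock()
        if client_ip not in self.clients:
            self.clients[client_ip] = TokenBucket(*self.client_cfg)
        if path not in self.endpoints:
            self.endpoints[path] = TokenBucket(*self.endpoint_cfg)
        # 1) Per-client budget: one noisy source is throttled on its own.
        cost = ENDPOINT_COST.get(path, DEFAULT_COST)
        if not self.clients[client_ip].take(cost, now):
            return 429
        # 2) Shared per-endpoint budget: many sources that each stay under their
        #    own limit still cannot push the backend past what it can serve.
        if not self.endpoints[path].take(1.0, now):
            return 503
        return 200
```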

What does a DDoS attack cost a company?

Costs vary: direct revenue loss from downtime (e.g. e-commerce), recovery cost, reputational damage and possible SLA penalties. Studies put average cost at €20,000–40,000 per hour of downtime. For small businesses even a few hours can be existential.

Are DDoS attacks illegal?

Yes. In Germany DDoS attacks are illegal under § 303b StGB (computer sabotage) and can be punished with up to three years’ imprisonment or a fine. In serious cases (e.g. critical infrastructure) up to five years. Operating DDoS-as-a-Service and participating in botnets are also illegal.


