A DDoS attack is a malicious attempt to disrupt a targeted server, service, or network by overwhelming it with a flood of Internet traffic. To be effective, these attacks require threat actors to take control of online computers, routers, IoT devices, or other endpoints to leverage as sources of attack traffic. These machines are infected with malware and then weaponized in a “botnet” that is activated remotely.
When the IP address of a targeted server or network is discovered, each bot sends simultaneous requests to that target with the intention of overwhelming its capacity, resulting in a denial of service to normal traffic. Since each bot is a legitimate device, separating attack traffic from legitimate traffic can be difficult.
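The following is an added example, not part of the original page: it runs two checks over a constructed request log to show why a per-source rate limit misses a distributed flood while an aggregate-volume check catches it. The addresses (documentation ranges), thresholds and function names are assumptions chosen for illustration.

```python
from collections import Counter, deque
from statistics import median

def build_sample_log():
    """Constructed (timestamp_sec, source_ip) records; all addresses are documentation ranges."""
    log = []
    for t in range(60):                      # baseline: 5 clients, 2 requests/sec in total
        log.append((t, f"198.51.100.{t % 5 + 1}"))
        log.append((t, f"198.51.100.{(t + 2) % 5 + 1}"))
    for t in range(60, 70):                  # flood: 200 bots, each only 1 request/sec
        log.extend((t, f"203.0.113.{b}") for b in range(200))
        log.append((t, "198.51.100.1"))      # a legitimate client is still active
    return log

def per_source_offenders(log, window=10, limit=20):
    """Sources sending more than `limit` requests in any `window`-second span."""
    recent, flagged = {}, set()
    for ts, ip in log:
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while q[0] <= ts - window:           # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def aggregate_anomalies(log, baseline_secs=30, factor=10):
    """Seconds whose total request count exceeds `factor` x the baseline median.
    Returns (second, total_requests, distinct_sources) tuples."""
    per_sec = Counter(ts for ts, _ in log)
    sources = {}
    for ts, ip in log:
        sources.setdefault(ts, set()).add(ip)
    baseline = median(per_sec[t] for t in range(baseline_secs))
    return [(t, per_sec[t], len(sources[t]))
            for t in sorted(per_sec) if per_sec[t] > factor * baseline]

if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", per_source_offenders(log))
    for sec, total, distinct in aggregate_anomalies(log):
        print(f"t={sec}s total={total} distinct_sources={distinct}")
```

Every bot stays under the per-source limit, so only the aggregate view shows the flood; the high distinct-source count is what marks it as distributed.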