9 Aug 2022

What is distributed denial of service (DDoS) & How Does it Work?

The AUSCERT team provides proactive and reactive incident response assistance actively seeking information from various sources to help find data relevant to a client.

We take immediate action and follow well-defined protocols in order to obtain a resolution and satisfactory outcome. This article is aimed at those who need a high level explanation of what a DDoS attack is.

DDoS Attacks In 2022

Already in 2022 the IT industry has experienced a large increase in distributed denial of service (DDoS) attacks. Not that long ago, most DDoS attacks were seen as minor nuisances perpetrated by harmless novices who did it for fun; back then, DDoS attacks were relatively easy to mitigate.

DDoS attacks are becoming an extremely sophisticated activity, and in many cases, big business. According to TechRepublic, in the first quarter of 2022, Kaspersky DDoS Intelligence systems detected 91,052 DDoS attacks. 44.34% of attacks were directed at targets located in the USA, which comprised 45.02% of all targets.

Exactly What Is a DDoS Attack?

Despite DDoS attacks becoming ever more common, they can be quite sophisticated and difficult to combat. But what exactly is a DDoS attack and what does DDoS stand for?

DDoS is the acronym for Distributed Denial of Service. A DDoS attack occurs when a threat actor uses resources from multiple, remote locations to attack an organisation’s online operations.

The goal is to consume resources so that legitimate access to services is not possible; for example, a website or online service will appear to be ‘down’ for people attempting to use it. DDoS attacks usually focus on generating a huge amount of network traffic that overwhelms network equipment and services such as routers, domain name services or web caching.

How Long Can DDoS Attacks Last For?

The short answer – there is no set duration. DDoS attacks vary extensively in both duration and sophistication:

  • Long-Term Attack: An attack waged over a period of hours or days is referred to as a long-term attack. For example, the largest recorded DDoS attack was against Amazon Web Services (AWS); it caused disruption for three days before finally being mitigated.
  • Burst Attack: Also known as pulse-wave attacks, as the name implies they are waged over a very short period of time, lasting from a few seconds to a few minutes and occurring in frequent bursts.

Again, time is not really a factor; the shorter burst attacks can be just as damaging as the long-term attacks.

How to Protect Your Organisation Against DDoS Attacks

Some measures that organisations can take to protect themselves against DDoS attacks are:

  • Reduce the attack surface of Internet-visible services to only that which is required. For example, inbound ICMP packets are unlikely to be needed and should be blocked.
  • Use a Content Delivery Network (CDN).
  • Implement server-level DDoS mitigation measures, making use of best practice guides from application and operating system software providers.
  • Plan for disruption including alternative ways of providing services to clients. Short term increases in network or server capacity may be a solution, depending on the costs. Knowing these in advance will inform business continuity planning discussions.
  • Implement monitoring systems to detect large increases in outbound network traffic, to avoid becoming part of the problem and the cause of reputational damage.
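The last point above, worked through as an added example that is not part of the AUSCERT post: a small Python script that sums outbound bytes per internal host in 60-second windows over constructed flow records and flags any window that jumps far above that host's own recent median. It assumes 10.0.0.0/8 is the internal network and that the alert threshold (20x the baseline after three quiet windows) is tuned for the environment.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records, not from the post: "<epoch> <src_ip> <dst_ip> <bytes>".
# Assumption: 10.0.0.0/8 is the internal network; anything else is the Internet.
SAMPLE_FLOWS = """\
1660000020 10.0.0.5 203.0.113.10 1200
1660000030 10.0.0.5 203.0.113.11 900
1660000090 10.0.0.5 203.0.113.10 1100
1660000100 10.0.0.7 198.51.100.4 800
1660000150 10.0.0.5 203.0.113.12 1300
1660000210 10.0.0.5 203.0.113.13 1000
1660000270 10.0.0.5 198.51.100.9 950000
1660000275 10.0.0.5 198.51.100.9 960000
1660000280 10.0.0.7 198.51.100.4 700
"""

WINDOW = 60        # seconds per bucket
MIN_HISTORY = 3    # earlier windows a host needs before it can be judged
SPIKE_FACTOR = 20  # alert when a window exceeds this multiple of the baseline

def is_internal(ip):
    return ip.startswith("10.")

def bucket_outbound(text, window=WINDOW):
    """Sum internal->external bytes per source host per time window."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in text.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        if is_internal(src) and not is_internal(dst):
            buckets[src][int(ts) // window * window] += int(nbytes)
    return buckets

def find_spikes(buckets, min_history=MIN_HISTORY, factor=SPIKE_FACTOR):
    """Return (src_ip, window_start, bytes, baseline) for every window whose
    outbound volume is far above the median of that host's earlier windows."""
    alerts = []
    for src, per_window in buckets.items():
        history = []
        for start in sorted(per_window):
            total = per_window[start]
            if len(history) >= min_history and total > factor * median(history):
                alerts.append((src, start, total, median(history)))
            history.append(total)
    return alerts

if __name__ == "__main__":
    for src, start, total, base in find_spikes(bucket_outbound(SAMPLE_FLOWS)):
        print(f"{src}: {total} B outbound in window {start} (baseline {base:.0f} B)")
```

On the constructed data only 10.0.0.5 is flagged, in the window where its outbound volume jumps from about a kilobyte to nearly two megabytes; 10.0.0.7 has too little history to be judged.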

Phishing Take-down service

AUSCERT’s Phishing Take-down service works to reduce brand damage by requesting the removal of fraudulent websites. The service puts the safety of your brand at the forefront by detecting and acting immediately if your organisation is affected.