A DDoS or Distributed Denial-of-Service attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources like IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.
A DDoS attack requires an attacker to take control of a network of online servers and devices in order to perform an attack. Computers and other devices (such as IoT devices) are infected with malware, turning each one into a bot (or malicious bot). The attacker then has remote control over the group of bots, which is called a botnet.
Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by a botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to exceed its capacity, resulting in a denial of service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.
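The following is an added example, not part of the original page, showing from the defender's side why that separation is hard: a per-source rate limit flags nothing when each bot stays at a modest rate, while the total request rate and the number of distinct sources expose the flood. The log records, IP addresses, thresholds and function names are all constructed assumptions.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 10   # assumed: requests per second tolerated from one IP
SPIKE_FACTOR = 5        # assumed: total rate this many times baseline is anomalous


def build_sample_log():
    """Constructed sample: one (second, source_ip) record per request."""
    log = []
    for sec in range(20):
        # 20 regular clients, 1 request per second each, for all 20 seconds
        log += [(sec, f"10.0.0.{c}") for c in range(20)]
    for sec in range(10, 20):
        # 500 bots, each sending only 2 requests per second (seconds 10-19)
        for b in range(500):
            log += [(sec, f"10.1.{b // 250}.{b % 250}")] * 2
    return log


def per_source_offenders(log, limit=PER_SOURCE_LIMIT):
    """IPs that exceed the per-source limit in any one-second window."""
    counts = Counter(log)  # keyed by (second, ip)
    return {ip for (sec, ip), n in counts.items() if n > limit}


def aggregate_anomalies(log, baseline_seconds=10, factor=SPIKE_FACTOR):
    """Map each anomalous second to (total requests, distinct sources)."""
    totals = Counter(sec for sec, _ in log)
    sources = defaultdict(set)
    for sec, ip in log:
        sources[sec].add(ip)
    # Baseline is the mean total rate over the first baseline_seconds seconds
    baseline = sum(totals[s] for s in range(baseline_seconds)) / baseline_seconds
    return {s: (totals[s], len(sources[s]))
            for s in sorted(totals) if totals[s] > factor * baseline}


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders:", per_source_offenders(log))
    for sec, (total, distinct) in aggregate_anomalies(log).items():
        print(f"second {sec}: {total} requests from {distinct} sources")
```

No single address exceeds the per-source limit, so blocking by individual rate alone would let the whole flood through; the anomaly is only visible in aggregate.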