Cybersecurity 101 — Threats & Attacks

What is a DDoS Attack?

A DDoS attack floods your website or online service with junk traffic from thousands of sources at once, overwhelming it until real customers can't get through.

The plain-English definition

Drowning a service in traffic

DDoS stands for Distributed Denial of Service. The goal isn't to steal your data or break in — it's to knock your website, app, or online service offline by overwhelming it with traffic. Picture thousands of fake customers all crowding through your front door at once: real customers can't get in, and eventually the door buckles. That's a DDoS attack, scaled to the internet.

The word "distributed" is the key. A plain denial-of-service attack comes from one machine and is fairly easy to block. A distributed attack comes from a coordinated army of compromised devices — a "botnet" — spread across the globe, so the flood arrives from everywhere at once. For a business, the impact is direct and immediate: an offline storefront, broken checkout, or unreachable customer portal means lost revenue and frustrated customers for as long as the attack lasts.

How it works

Botnets, floods, and amplification

Most DDoS attacks rely on a botnet: a collection of hijacked computers, servers, and internet-of-things devices — security cameras, routers, smart appliances — that were infected with malware and can be commanded remotely. The attacker (or a criminal who rents the botnet by the hour) directs every device to hammer your target at the same moment. Because the traffic comes from thousands of real, scattered devices, you can't just block one address and be done.

Attackers also use amplification to punch above their weight: they send small forged requests to misconfigured public servers that reply with much larger responses aimed at the victim, turning a modest botnet into a massive flood. Some attacks simply exhaust your bandwidth; others target the application itself with requests that look legitimate but are expensive to process — like repeatedly hammering a search box. Increasingly, DDoS is also used for extortion: pay up, or we'll keep you offline. It's worth noting a DDoS can also be a smokescreen, keeping your team busy while the attacker quietly does something worse elsewhere.
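The application-layer case described above is the one a simple per-address rate limit tends to miss, because each source stays quiet while the endpoint as a whole is swamped. The following is an added example, not code from this page: it compares each endpoint's per-minute request count to that endpoint's own median. The log format, thresholds, and addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed (constructed) log format: "<epoch_seconds> <client_ip> <method> <url>"
LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")

def endpoint_floods(lines, window=60, factor=5, min_requests=20):
    """Flag (endpoint, window) buckets whose request count is at least
    `factor` times that endpoint's median per-window count."""
    buckets = defaultdict(Counter)  # (path, window_start) -> per-source counts
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines
        ts, ip, _method, url = m.groups()
        path = url.split("?", 1)[0]  # group by endpoint, not by query string
        buckets[(path, int(ts) // window * window)][ip] += 1

    per_path = defaultdict(list)  # path -> request totals of each window
    for (path, _start), ips in buckets.items():
        per_path[path].append(sum(ips.values()))

    alerts = []
    for (path, start), ips in sorted(buckets.items()):
        total = sum(ips.values())
        if total >= min_requests and total >= factor * median(per_path[path]):
            alerts.append({"path": path, "window_start": start,
                           "requests": total, "sources": len(ips),
                           "max_per_source": max(ips.values())})
    return alerts

def sample_log():
    """Constructed traffic: five quiet minutes, then a distributed burst."""
    lines = []
    for w in range(5):
        for i in range(4):
            lines.append(f"{w * 60 + i * 10} 198.51.100.{i + 1} GET /search?q=shoes")
    for i in range(60):  # 30 sources, only 2 requests each
        lines.append(f"{300 + i} 203.0.113.{i % 30 + 1} GET /search?q=x{i}")
    lines.append("310 198.51.100.9 GET /checkout")
    return lines

if __name__ == "__main__":
    for alert in endpoint_floods(sample_log()):
        print(alert)
```

In the sample, no single source sends more than two requests in the flagged minute, so the signal only shows up when traffic is counted per endpoint.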

Common types

The main categories of DDoS

Volumetric attacks

Brute-force floods that saturate your internet bandwidth with sheer volume of traffic, measured in gigabits or terabits per second.

Protocol attacks

Exploit weaknesses in how connections are set up, as SYN floods do, to exhaust the resources of servers, firewalls, and load balancers.

Application-layer attacks

Mimic real users to overwhelm a specific feature (login, search, checkout). Low in volume but hard to distinguish from genuine traffic.

Amplification / reflection

Abuse public servers to multiply a small request into a huge response aimed at the victim — a force-multiplier for the attacker.

Ransom DDoS

A short demonstration attack followed by a payment demand, threatening a sustained takedown if you don't pay.

Smokescreen DDoS

A loud attack used to distract your security team while a quieter intrusion or data breach happens elsewhere.

How to protect your business

Staying online under fire

You can't stop someone from sending traffic, but you can make sure it gets absorbed before it reaches you. The good news for most small businesses: affordable services handle the heavy lifting.

  • Sit behind a DDoS-mitigation service or CDN. Providers like Cloudflare, Akamai, or your cloud host absorb and filter attack traffic across a huge global network before it ever hits your servers.
  • Don't expose servers directly. Keep your real server addresses hidden behind the mitigation layer so attackers can't bypass it and target you directly.
  • Build in headroom and auto-scaling. Cloud infrastructure that scales on demand can ride out smaller surges that would flatten a single fixed server.
  • Have a response plan ready. Know your provider's emergency contacts and your steps before an attack hits — see incident response.
  • Watch for the second attack. Treat a DDoS as a cue to stay alert for a quieter intrusion happening under cover of the noise.
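One way to check the "don't expose servers directly" point, as an added example that is not part of the original page: audit the origin's inbound allow-list against the mitigation provider's edge ranges, and look for connections that reached the origin from anywhere else. The rule format is an assumption (allow-only entries, as in a cloud security group), and the ranges are documentation placeholders, not a real provider's list.

```python
import ipaddress

# Constructed sample data. EDGE_RANGES stands in for the provider's published
# edge ranges; these are documentation-only prefixes.
EDGE_RANGES = ["192.0.2.0/24", "2001:db8::/32"]
ORIGIN_RULES = [
    {"source": "192.0.2.0/25", "port": 443},     # inside the edge range
    {"source": "2001:db8:1::/48", "port": 443},  # inside the edge range
    {"source": "0.0.0.0/0", "port": 80},         # open to the whole internet
    {"source": "198.51.100.0/24", "port": 443},  # leftover non-edge range
    {"source": "198.51.100.7/32", "port": 22},   # not a web port, out of scope
]

def _nets(ranges):
    return [ipaddress.ip_network(r, strict=False) for r in ranges]

def exposed_rules(rules, edge_ranges, web_ports=(80, 443)):
    """Return allow rules that admit web traffic from outside the edge ranges."""
    edges = _nets(edge_ranges)
    findings = []
    for rule in rules:
        if rule["port"] not in web_ports:
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        # subnet_of() needs matching IP versions, so compare versions first
        if not any(src.version == e.version and src.subnet_of(e) for e in edges):
            findings.append(rule)
    return findings

def direct_hits(peer_ips, edge_ranges):
    """Return peer addresses seen at the origin that are not edge nodes.
    Pass the TCP peer address from the origin's logs, not a forwarded-for
    header, which the client controls."""
    edges = _nets(edge_ranges)
    outside = {s for s in peer_ips
               if not any(ipaddress.ip_address(s) in e for e in edges)}
    return sorted(outside)

if __name__ == "__main__":
    print(exposed_rules(ORIGIN_RULES, EDGE_RANGES))
    print(direct_hits(["192.0.2.10", "203.0.113.50"], EDGE_RANGES))
```

Any result from `direct_hits` means the origin address is known outside the mitigation layer, which is the bypass the bullet above warns about.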

For most SMBs, putting your site behind a reputable mitigation provider is 90% of the battle — it's inexpensive and stops the vast majority of attacks automatically. If you're unsure how exposed your services are, a quick review of your attack surface is a smart place to start, and Red Hound can help you map it.

FAQ

Common questions about DDoS

What is a DDoS attack in simple terms?

A DDoS (Distributed Denial of Service) attack floods a website or online service with so much junk traffic from many sources at once that it slows to a crawl or goes completely offline for legitimate users.

What is the difference between DoS and DDoS?

A DoS attack comes from a single source, which is relatively easy to block. A DDoS attack is distributed across thousands of compromised devices (a botnet), making it far harder to filter because the traffic comes from everywhere at once.

Does a DDoS attack mean my data was stolen?

Usually not directly — a DDoS is about availability, not theft. But attackers sometimes use a DDoS as a noisy distraction to cover a separate intrusion, so a DDoS should still prompt you to watch for other suspicious activity.

How do I protect my business from DDoS attacks?

Put your site behind a DDoS-mitigation or CDN provider, ensure your hosting can absorb spikes, have an incident plan with your provider's emergency contacts, and avoid exposing servers directly to the internet without protection.
