DDoS Attacks: Distributed Denial-of-Service

BDR Emma Mouncey

Written by Emma Mouncey
University of Portsmouth

DoS (Denial-of-Service) Attacks are malicious attacks aiming to disrupt a server or network using a computer. 

DDoS (Distributed Denial-of-Service) Attacks are the same as DoS attacks but use multiple systems. These can be remotely used computers compromised through malware.

How DDoS attacks work :

DDoS attacks can either be many different individuals working together to overload a system or An individual using botnets which are computers hacked through malware and operated as a virtual machine.

  • Overloaded network layer – hardware or software failure due to overloading the network capacity, ie WiFi bandwidth.
  • Overloaded application layer – Overloading the system with too many requests and applications, ie asking the processor to do too much work.
    (This takes less resources for the attacker)

 To render a service unusable.

  • Users will not be able to use or view the site.
  • Customer complaint.
  • Cannot retrieve site data.
  • Loss of productivity.
  • Reputational damage as there is a potential for not being able to fulfill contracted roles.
  • Business functions are inaccessible

In 2022 Microsoft mitigated over 520,000 unique DoS attacks from their global infrastructure.

Azure Network Security Team, 2023

How to spot a DDoS Attack:
  • Sites are running slower than usual.
  • High number of requests from the same IP address.
  • Customers cannot access your site.
  • Error 503 warning appears – this shows a server that is overloaded or temporarily down for maintenance.
How to protect your business:
  • Know your weaknesses (ie your bandwidth and capacity size) and plan what to do in this instance.  This includes contacting customers.
  • Invest in a business grade router. This will increase bandwidth and be aware of the maximum capacity.
  • Buy a Web Application Firewall – this identifies DDoS tools and protects your website.
Why your small business is targeted:
  • Smaller businesses do not usually have large bandwidths to hold large volumes of traffic so are easier to overload as it would need less resources to overwhelm.
  • DDoS prevention software can be expensive so smaller businesses do not have them.
  • Do not have a high budget to implement sophisticated cyber security systems.
Azure Network Security Team (2023). 2022 in review: DDoS attack trends and insights. Available at:
CloudFlare (n.d.). What is a DDoS attack? Available at:
National Cyber security Centre (2016). Denial of Service (DoS) guidance. Available at:
Rachel Ramsey, for Knowledge (2020). DDoS attacks: What small businesses need to know. Available at: