What Is a DDoS Attack

A DDoS attack floods a server, application, or network with traffic from many sources at once, exhausting its bandwidth, connections, or processing capacity until real users can no longer get through. Below: how each attack type works, and an authorized simulator to find out whether your own infrastructure would survive one.

What Is a DDoS Attack

A DDoS attack (Distributed Denial-of-Service) floods a server, application, or network with traffic from many sources simultaneously, exhausting its bandwidth, open connections, or CPU capacity until legitimate users can no longer reach it. Unlike a simple DoS attack from a single source, a DDoS attack is distributed — often across thousands of compromised devices in a botnet, or bounced off misconfigured reflection servers — which makes it far harder to stop by blocking one IP address.

DDoS attacks are typically classified by which layer of the network stack they target: volumetric attacks saturate raw bandwidth, protocol attacks (Layer 3/4) exhaust connection state on firewalls and load balancers, and application-layer attacks (Layer 7) overwhelm the web server or application logic itself.

DDoS Attack Types

Attack TypeOSI LayerWhat It Exhausts
SYN FloodLayer 4Firewall / load balancer connection table
UDP FloodLayer 3/4Raw bandwidth and upstream filtering
HTTP FloodLayer 7Web server / WAF request-handling capacity
SlowlorisLayer 7Server connection-timeout pool
DNS AmplificationLayer 3/4DNS resolver bandwidth via reflection

These same techniques, sold as a self-service dashboard with no ownership checks, are what's marketed as an IP stresser or booter — worth reading if you've seen that term and want to know what you'd actually be buying and what it costs you legally.

How DDoSAttack Simulates Real Attack Traffic

DDoSAttack reproduces the traffic patterns above against a target you control, at an intensity and duration you schedule, with full traffic reporting throughout the test.

Most teams find out their DDoS mitigation doesn't work during a real attack — the worst possible time. Running a scheduled simulation beforehand answers questions a vendor datasheet can't:

1

Verify mitigation is actually active

Confirm Cloudflare, AWS Shield, or your on-prem WAF is correctly configured — not just installed.

2

Find the real breaking point

Measure the exact request rate or bandwidth where your stack degrades, before an attacker finds it for you.

3

Validate incident response

Test whether your on-call alerts fire, and whether your team's runbook actually holds under load.

4

Meet compliance requirements

Many SOC 2 and ISO 27001 audits expect documented resilience testing, including DDoS scenarios.

Authorized use only. Every test requires proof of ownership or signed written authorization for the target. DDoSAttack will not run tests against infrastructure you cannot verify you control — that's the line between this and an IP stresser.

Free vs Pro: Free tier — one Layer 7 test, 60-second duration, capped request rate. Pro ($29/mo) — all attack types, custom duration, scheduled recurring tests, and full PDF reporting.

Ownership Verification

Before any simulation runs, DDoSAttack requires proof that you own or are explicitly authorized to test the target: a DNS TXT record challenge for domains, or a signed authorization form referencing the target IP range for infrastructure without a domain. Tests against unverified targets are blocked automatically.

Frequently Asked Questions

What is a DDoS attack?

A DDoS (Distributed Denial-of-Service) attack floods a server, service, or network with traffic from multiple sources at once, exhausting its bandwidth, connections, or processing capacity until legitimate users can no longer access it.

What are the main types of DDoS attack?

DDoS attacks fall into three categories: volumetric attacks that saturate bandwidth (UDP flood, DNS amplification), protocol attacks that exhaust connection state at Layer 3/4 (SYN flood), and application-layer attacks at Layer 7 that overwhelm the web server or app itself (HTTP flood, Slowloris).

Is DDoS attack simulation legal?

Simulating a DDoS attack against infrastructure you own, or against a target where you hold explicit written authorization from the owner, is legal in most jurisdictions and is standard practice in penetration testing and resilience engineering.

What attack types can I simulate with DDoSAttack?

DDoSAttack supports SYN flood and UDP flood (Layer 4 / transport-layer), HTTP flood and Slowloris (Layer 7 / application-layer), and DNS amplification testing, covering the most common real-world DDoS vectors.

Do I need to verify ownership before testing?

Yes. Before any test runs, DDoSAttack requires proof of ownership or written authorization for the target IP or domain, such as a DNS TXT record challenge or a signed authorization form.

How is DDoS attack simulation different from an IP stresser?

A public IP stresser never verifies who owns the target, which is exactly what makes it usable to attack third parties. DDoSAttack requires proof of ownership before any test runs, so it can only ever be pointed at infrastructure the customer actually controls. Full breakdown of how stressers work and what they cost →

Find Your Breaking Point Before an Attacker Does

Run your first authorized DDoS attack simulation free — no card required.