What Is a DDoS Attack
A DDoS attack (Distributed Denial-of-Service) floods a server, application, or network with traffic from many sources simultaneously, exhausting its bandwidth, open connections, or CPU capacity until legitimate users can no longer reach it. Unlike a simple DoS attack from a single source, a DDoS attack is distributed — often across thousands of compromised devices in a botnet, or bounced off misconfigured reflection servers — which makes it far harder to stop by blocking one IP address.
DDoS attacks are typically classified by which layer of the network stack they target: volumetric attacks saturate raw bandwidth, protocol attacks (Layer 3/4) exhaust connection state on firewalls and load balancers, and application-layer attacks (Layer 7) overwhelm the web server or application logic itself.
DDoS Attack Types
| Attack Type | OSI Layer | What It Exhausts |
|---|---|---|
| SYN Flood | Layer 4 | Firewall / load balancer connection table |
| UDP Flood | Layer 3/4 | Raw bandwidth and upstream filtering |
| HTTP Flood | Layer 7 | Web server / WAF request-handling capacity |
| Slowloris | Layer 7 | Server connection-timeout pool |
| DNS Amplification | Layer 3/4 | DNS resolver bandwidth via reflection |
- SYN flood — sends a high rate of TCP SYN packets without completing the handshake, exhausting the target's connection table.
- UDP flood — sends large volumes of UDP packets to random ports, forcing the target to reply with ICMP "destination unreachable" packets, consuming bandwidth and CPU.
- HTTP flood — sends a high rate of seemingly legitimate GET/POST requests, testing whether the server, CDN, and WAF can distinguish real users from flood traffic.
- Slowloris — opens many partial HTTP connections and keeps them alive with minimal data, exhausting the connection pool without needing high bandwidth.
- DNS amplification — spoofs the victim's IP in DNS requests to misconfigured resolvers, which reply with disproportionately large responses, multiplying the attacker's bandwidth 10-100x.
These same techniques, sold as a self-service dashboard with no ownership checks, are what's marketed as an IP stresser or booter — worth reading if you've seen that term and want to know what you'd actually be buying and what it costs you legally.
How DDoSAttack Simulates Real Attack Traffic
DDoSAttack reproduces the traffic patterns above against a target you control, at an intensity and duration you schedule, with full traffic reporting throughout the test.
Most teams find out their DDoS mitigation doesn't work during a real attack — the worst possible time. Running a scheduled simulation beforehand answers questions a vendor datasheet can't:
Verify mitigation is actually active
Confirm Cloudflare, AWS Shield, or your on-prem WAF is correctly configured — not just installed.
Find the real breaking point
Measure the exact request rate or bandwidth where your stack degrades, before an attacker finds it for you.
Validate incident response
Test whether your on-call alerts fire, and whether your team's runbook actually holds under load.
Meet compliance requirements
Many SOC 2 and ISO 27001 audits expect documented resilience testing, including DDoS scenarios.
Authorized use only. Every test requires proof of ownership or signed written authorization for the target. DDoSAttack will not run tests against infrastructure you cannot verify you control — that's the line between this and an IP stresser.
Free vs Pro: Free tier — one Layer 7 test, 60-second duration, capped request rate. Pro ($29/mo) — all attack types, custom duration, scheduled recurring tests, and full PDF reporting.
Ownership Verification
Before any simulation runs, DDoSAttack requires proof that you own or are explicitly authorized to test the target: a DNS TXT record challenge for domains, or a signed authorization form referencing the target IP range for infrastructure without a domain. Tests against unverified targets are blocked automatically.
Frequently Asked Questions
What is a DDoS attack?
A DDoS (Distributed Denial-of-Service) attack floods a server, service, or network with traffic from multiple sources at once, exhausting its bandwidth, connections, or processing capacity until legitimate users can no longer access it.
What are the main types of DDoS attack?
DDoS attacks fall into three categories: volumetric attacks that saturate bandwidth (UDP flood, DNS amplification), protocol attacks that exhaust connection state at Layer 3/4 (SYN flood), and application-layer attacks at Layer 7 that overwhelm the web server or app itself (HTTP flood, Slowloris).
Is DDoS attack simulation legal?
Simulating a DDoS attack against infrastructure you own, or against a target where you hold explicit written authorization from the owner, is legal in most jurisdictions and is standard practice in penetration testing and resilience engineering.
What attack types can I simulate with DDoSAttack?
DDoSAttack supports SYN flood and UDP flood (Layer 4 / transport-layer), HTTP flood and Slowloris (Layer 7 / application-layer), and DNS amplification testing, covering the most common real-world DDoS vectors.
Do I need to verify ownership before testing?
Yes. Before any test runs, DDoSAttack requires proof of ownership or written authorization for the target IP or domain, such as a DNS TXT record challenge or a signed authorization form.
How is DDoS attack simulation different from an IP stresser?
A public IP stresser never verifies who owns the target, which is exactly what makes it usable to attack third parties. DDoSAttack requires proof of ownership before any test runs, so it can only ever be pointed at infrastructure the customer actually controls. Full breakdown of how stressers work and what they cost →
Find Your Breaking Point Before an Attacker Does
Run your first authorized DDoS attack simulation free — no card required.