DDoS Attack: Who Slows Down Your Internet, Why and How?

DDoS (Distributed Denial of Service) is a type of cyber attack that makes a website or service inaccessible by flooding it with fake traffic from many sources. The aim of the article is to help you understand the attack and protect against it; it contains no attack method, because organizing a DDoS is a crime. Below you will find what DDoS is, its difference from DoS, its types, how it is detected, its legal dimension and ways to protect against it.

What Is DDoS, What Does It Stand For? (How Does It Work?)

DDoS stands for "Distributed Denial of Service". DDoS is a type of cyber attack that aims to make a website, server or online service inaccessible by flooding it with fake traffic from many sources at the same time.

The conceptual working logic: the attacker sends a huge amount of requests to the target at the same time, usually from many compromised devices (the network they form is called a "botnet"). When the target system's capacity cannot handle this flood of fake traffic, it slows down or collapses completely; real users cannot reach the site. By analogy, it is like thousands of people who will buy nothing crowding a store's door and preventing real customers from entering. Important point: DDoS is not a data-stealing attack, its aim is to block the service (downtime, inaccessibility). DDoS is one of the broader cyber attack types; our aim is to understand the attack and protect against it.

The Difference Between DoS and DDoS

Both aim to block a service; the difference is in the number of sources of the attack. DoS (Denial of Service) is when the attack comes from a single source (a single computer or connection); because it is a single source, detecting and blocking it is relatively easier.

DDoS (Distributed Denial of Service), on the other hand, is when the attack comes from many distributed sources at the same time (usually from hundreds or thousands of compromised devices spread around the world, that is, a botnet). The word "Distributed" emphasizes this multi-source nature. DDoS is far more powerful and far harder to block than DoS: because the traffic comes from thousands of different places, blocking a single address does not work, and separating real traffic from fake becomes harder. In short, DoS resembles a single attacker, while DDoS resembles an army; most of today's serious attacks are of the DDoS type.

Types of DDoS Attacks (An Overview)

DDoS attacks split roughly into three groups according to which layer of the target they exhaust. The classification is for understanding defense, not an attack recipe:

  • Volumetric attacks: aim to fill the target's internet bandwidth with huge traffic; the most common type.
  • Protocol attacks: aim to exhaust the resources of systems like the server, firewall or load balancer using the weak points of network protocols.
  • Application layer attacks: directly target the web application; they can exhaust the system even with less traffic, and because they resemble normal traffic, they are hard to detect.

Knowing the types helps understand why a single defense is not enough and why layered protection is needed. Because attackers can combine different types, serious systems use multiple defense methods together; you can also find the detail in Kaspersky's DDoS guide.

How Do You Tell You Are Under a DDoS Attack?

The symptoms of a DDoS attack can resemble ordinary technical problems; but if these signs are seen together, the probability is high. Your website suddenly and extremely slows down or becomes completely inaccessible; it crashes or times out without a known reason (maintenance, a busy campaign); you observe an unexplained, sudden and huge increase in server and network traffic.

Most of the traffic comes from suspicious sources (abnormally intense, strange and uniform requests from certain regions), and server resources (CPU, memory, bandwidth) hit full for no reason. The way to notice these early is to monitor server and network traffic. An important distinction: sometimes a sudden traffic increase can come from a legitimate reason too (like your content going viral), so you need to look at the nature of the traffic (source diversity, request pattern); CISA's guide summarizes the symptoms. If you suspect it, contact your hosting or server provider immediately; they can analyze the traffic and confirm the situation.
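The check described above, looking at the nature of a traffic spike rather than only its size, can be sketched over web server access logs. This is an added example, not part of the original article; the log lines are constructed, and the thresholds, function names and the combined log format are assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip, timestamp, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def top_share(counter):
    """Fraction of requests taken by the single most common value."""
    return max(counter.values()) / sum(counter.values())

def per_minute(lines):
    """Group parsed lines by minute and describe the nature of the traffic."""
    buckets = defaultdict(lambda: {"ips": Counter(), "paths": Counter(), "uas": Counter()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing mid-incident
        b = buckets[m["ts"][:17]]  # "10/Mar/2025:14:05" = minute resolution
        b["ips"][m["ip"]] += 1
        b["paths"][m["path"].split("?")[0]] += 1
        b["uas"][m["ua"]] += 1
    return {minute: {"requests": sum(b["ips"].values()),
                     "sources": len(b["ips"]),
                     "top_path_share": top_share(b["paths"]),
                     "top_ua_share": top_share(b["uas"])}
            for minute, b in buckets.items()}

def classify(stats, baseline_rpm, spike_factor=5, uniform=0.8):
    """Thresholds are illustrative assumptions; tune them on your own baseline."""
    if stats["requests"] < spike_factor * baseline_rpm:
        return "normal"
    if stats["top_path_share"] >= uniform and stats["top_ua_share"] >= uniform:
        return "suspicious: uniform flood pattern"
    return "spike with varied pattern: possibly legitimate"

def make_line(ip, minute, path, ua):
    # Constructed sample line; addresses are from documentation ranges.
    return f'{ip} - - [10/Mar/2025:14:{minute}:00 +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

PATHS = ["/blog/post", "/style.css", "/app.js", "/logo.png", "/about"]
AGENTS = ["Firefox", "Chrome", "Safari", "Edge"]
SAMPLE = (
    [make_line(f"192.0.2.{i}", "04", PATHS[i % 5], AGENTS[i % 4]) for i in range(5)]
    + [make_line(f"198.51.100.{i}", "05", "/search?q=x", "agent-x") for i in range(60)]
    + [make_line(f"203.0.113.{i}", "06", PATHS[i % 5], AGENTS[i % 4]) for i in range(60)]
)

def report(lines=SAMPLE, baseline_rpm=5):
    return {minute: classify(s, baseline_rpm) for minute, s in per_minute(lines).items()}

if __name__ == "__main__":
    print(report())
```

Both spike minutes in the sample have 60 distinct sources, so source count alone does not separate them; the uniform path and user agent do.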

Is Launching a DDoS a Crime? (The Legal Dimension)

Yes, organizing a DDoS attack is a crime and has serious legal consequences. Carrying out an unauthorized DDoS attack on someone else's system, site or service is a cyber crime in Turkey as in many countries of the world. In Turkey, attacks on information systems are regulated under the Turkish Penal Code (for example articles 243 and 244 on accessing an information system and blocking the system) and provide for sanctions like imprisonment or a judicial fine.

Let me underline a few points: excuses like "I just tried it" or "it lasted a short time" do not remove the crime; being a tool in someone else's attack (joining a botnet) or buying an attack service also creates legal liability; penalties can get heavier according to the damage the attack causes. You can read the relevant articles in the official legislation. So even trying DDoS out of curiosity or for fun is a serious mistake. If you are interested in cyber security, learning it through legal and ethical ways (authorized penetration testing, ethical hacker training, your own test environments) is both the right thing and a valuable career path.

How Do You Protect Against a DDoS Attack?

There is no single magic solution against DDoS; a layered defense is needed. One of the most effective methods is using DDoS protection services and a CDN: providers like Cloudflare or your hosting's DDoS protection filter incoming traffic and weed out malicious traffic before it reaches the site. A firewall and a web application firewall (WAF) block suspicious traffic with rules; rate limiting restricts the number of requests coming from a single source.

In addition, distributing traffic to multiple servers (load balancing), being able to increase capacity when needed, continuously monitoring traffic, keeping systems up to date and preparing an action plan strengthen protection. A strong password and up-to-date software for your own devices, so they do not join a botnet, are important too. Even for small sites, a good CDN and reliable hosting are important starting protection; I compiled general measures in my protection against cyber threats article. I always tell site owners: protection is proactive work, and preparing before the attack comes is far more effective than panicking when it arrives.
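Rate limiting as described above, sketched as a per-source token bucket and replayed against constructed traffic from one source and from many sources. This is an added example, not code from the original article; the class name, parameters and sample addresses are assumptions.

```python
from collections import defaultdict

class PerSourceLimiter:
    """Token bucket per client address: refills `rate` tokens/second up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: burst)  # new sources start with a full bucket
        self.last_seen = {}

    def allow(self, source, now):
        elapsed = now - self.last_seen.get(source, now)
        self.last_seen[source] = now
        self.tokens[source] = min(self.burst, self.tokens[source] + elapsed * self.rate)
        if self.tokens[source] >= 1:
            self.tokens[source] -= 1
            return True
        return False

    def prune(self, now, idle=60):
        """Forget idle sources so a many-source flood cannot grow this table forever."""
        for source in [s for s, t in self.last_seen.items() if now - t > idle]:
            del self.last_seen[source], self.tokens[source]
        return len(self.last_seen)

def replay(limiter, events):
    """events: (timestamp, source) pairs. Returns how many requests were let through."""
    return sum(limiter.allow(source, ts) for ts, source in events)

# Constructed traffic: 100 requests in the same instant, addresses from documentation ranges.
SINGLE_SOURCE = [(0.0, "192.0.2.10")] * 100
MANY_SOURCES = [(0.0, f"198.51.100.{i}") for i in range(100)]

def demo():
    single = replay(PerSourceLimiter(rate=2, burst=5), SINGLE_SOURCE)
    limiter = PerSourceLimiter(rate=2, burst=5)
    distributed = replay(limiter, MANY_SOURCES)
    tracked_before = len(limiter.last_seen)
    tracked_after = limiter.prune(now=120.0)
    return single, distributed, tracked_before, tracked_after

if __name__ == "__main__":
    print(demo())
```

The single source is held to its burst of 5, while the same 100 requests spread over 100 sources all pass, which is why rate limiting is one layer next to upstream filtering rather than a replacement for it.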

What Should You Do If You Are Under a DDoS Attack?

When you face a DDoS attack, acting fast and correctly reduces the damage. First confirm with traffic analysis whether what is happening is really a DDoS or another technical problem, and do not make a wrong diagnosis in haste. Then notify your hosting or provider immediately; your hosting company and DDoS protection provider can offer the fastest help to filter the traffic, so your first call should be to them.

If you have one, activate or strengthen your DDoS protection (like traffic filtering, "under attack" mode), and filter the suspicious traffic together with the provider. Record the time, sources and effects of the attack (logs), because they are needed both for analysis and a possible legal process; if the downtime lasts, inform your users. Especially in targeted, damaging or blackmail-containing attacks, report the situation to the Cybercrime units and the prosecutor's office, because this is a crime. After the attack passes, review your defense and strengthen the weak points. Remember, coping alone in serious DDoS attacks is hard; the most important step is quickly getting expert and provider support.

Frequently Asked Questions

Quick answers for readers who skipped to the end.

What is DDoS, what does it stand for, how does it work?
DDoS stands for "Distributed Denial of Service". DDoS is a type of cyber attack that aims to make a website, server or online service INACCESSIBLE by flooding it with artificial or fake traffic from MANY sources at the same time. Its conceptual working logic: the attacker sends a huge amount of requests to the target at the same time, usually from many compromised devices (computers, IoT devices; the network they form is called a "botnet"). When the target system's capacity cannot handle this flood of fake traffic, it slows down or collapses completely; real users become unable to reach the site. By analogy: it is like thousands of people who will buy nothing crowding a store's door at the same time and preventing real customers from entering. Important: DDoS is not a "data-stealing" attack; its aim is to BLOCK the service (downtime, inaccessibility). This article is to help you understand DDoS and ESPECIALLY to PROTECT against it; it contains no attack method and should not, because organizing a DDoS attack is a crime.
What is the difference between DoS and DDoS?
Both aim to block a service; the difference is in the NUMBER OF SOURCES of the attack: (1) DoS (Denial of Service), the attack comes from a SINGLE source (a single computer or connection). It tries to exhaust the target with traffic from a single point. Because it is a single source, detecting and blocking it (for example by blocking that address) is relatively easier. (2) DDoS (Distributed Denial of Service), the attack comes from MANY distributed sources at the same time (usually from hundreds or thousands of compromised devices spread around the world, that is, a botnet). The word "Distributed" emphasizes this multi-source nature. DDoS is far more POWERFUL and far harder to block than DoS: because the traffic comes from thousands of different places, the "block a single address" method does not work, and separating real traffic from fake becomes harder. In short: DoS is a single attacker, DDoS is like an "army" (botnet). The vast majority of serious attacks faced today are of the DDoS type, because its distributed structure makes it both powerful and hard to defend against.
What are the types of DDoS attacks?
DDoS attacks split roughly into three main groups according to which layer of the target they exhaust (this is useful for understanding the protection method; it is not an attack recipe): (1) VOLUMETRIC attacks, aim to fill the target's internet bandwidth with a huge amount of traffic; the most common and "brute force" type. The aim is to clog the line. (2) PROTOCOL attacks, aim to exhaust the resources of the target system or network hardware (server, firewall, load balancer) by using the weak points of network protocols. (3) APPLICATION LAYER attacks, directly target the web application (for example certain pages or functions of a website); they can exhaust the system even with less traffic, and because they resemble normal traffic, they are harder to detect. Knowing these types helps understand why a single defense is not enough and why layered protection is needed. Because attackers can combine different types, serious systems use multiple defense methods together. This information is for planning defense.
How do I tell I am under a DDoS attack?
The symptoms of a DDoS attack can resemble ordinary technical problems; but if these signs are seen together, the probability of DDoS is high: (1) Your website or service SUDDENLY and extremely SLOWS DOWN or becomes completely inaccessible. (2) The site crashes or times out without a known reason (maintenance, a busy campaign). (3) You observe an UNEXPLAINED, sudden and huge INCREASE in server or network traffic. (4) Most of the traffic comes from SUSPICIOUS sources; for example abnormally intense, strange or uniform requests from certain regions, many unknown addresses. (5) Requests to a certain page or service rise far above normal. (6) Server resources (CPU, memory, bandwidth) hit full for no reason. The way to notice these early is to MONITOR server and network traffic and performance (monitoring tools). Important distinction: sometimes a sudden traffic increase can come from a legitimate reason too (for example your content going viral); so you need to look at the NATURE of the traffic (source diversity, request pattern). If you suspect it, contact your hosting or server provider and, if you have one, your security team immediately; they can analyze the traffic, confirm whether it is DDoS and take measures.
Is launching a DDoS (organizing an attack) a crime?
Yes, organizing a DDoS attack is a CRIME and has serious legal consequences. This must be understood very clearly: carrying out an unauthorized DDoS attack on someone else's system, site or service is a CYBER CRIME in Turkey as in many countries of the world. In Turkey, attacks on information systems are regulated under the Turkish Penal Code (especially articles on accessing an information system, blocking or damaging the system, destroying data; for example articles 243 and 244 of the Penal Code) and provide for sanctions like imprisonment or a judicial fine. Blocking, damaging or making the operation of a system inaccessible constitutes a crime. Important points: (1) Excuses like "I just tried it", "I pranked my friend" or "it lasted a short time" do not remove the crime. (2) Being a TOOL in someone else's attack (joining a botnet knowingly or unknowingly) or buying an attack service also creates legal liability. (3) Penalties can get heavier according to the damage the attack causes. So even trying DDoS out of "curiosity or fun" would be a serious mistake. This content is to help you UNDERSTAND DDoS and PROTECT against it; it does not encourage or teach organizing an attack. If you are interested in cyber security, learning it through LEGAL and ETHICAL ways (authorized penetration testing, ethical hacker training, your own test environments) is both the right thing and a valuable career path.
How do you protect against a DDoS attack?
There is no single magic solution against DDoS; a LAYERED defense is needed. The main protection methods: (1) DDoS PROTECTION SERVICES or CDN, providers like Cloudflare, Akamai or your hosting's DDoS protection filter incoming traffic and weed out malicious traffic before it reaches the site; one of the most effective solutions against large-scale attacks. (2) FIREWALL and WAF (web application firewall), block suspicious traffic with rules, especially against application layer attacks. (3) RATE LIMITING, makes exhaustion harder by limiting the number of requests coming from a single source. (4) LOAD BALANCING and scalability, distributing traffic to multiple servers and being able to increase capacity when needed helps absorb sudden loads. (5) TRAFFIC MONITORING, for detecting anomalies early and responding fast. (6) UP-TO-DATE and SOLID infrastructure, keeping systems and software up to date, closing unnecessary open services. (7) AN ACTION PLAN, deciding in advance what to do during an attack. (8) IoT or device security, a strong password and up-to-date software so your own devices do not join a botnet. Even for small sites, a good CDN or DDoS protection and reliable hosting are important starting protection. Protection is proactive work: preparing before the attack comes is far more effective than panicking when it arrives.
What should I do if I am under a DDoS attack?
When you face a DDoS attack, acting fast and correctly reduces the damage: (1) CONFIRM, first verify (with traffic analysis) whether what is happening is really a DDoS or another technical problem; do not make a wrong diagnosis in haste. (2) Notify your HOSTING or PROVIDER IMMEDIATELY, your hosting company, internet service provider or DDoS protection provider can offer the fastest help to filter the traffic and reduce the attack; your first call should be to them. (3) Activate or strengthen DDoS PROTECTION, if you have one, enable the emergency measures of your CDN or DDoS protection service (like traffic filtering, "under attack" mode). (4) Filter the BAD TRAFFIC, try to block suspicious traffic together with the provider or security team (if the scale is large, doing this alone is hard, so professional support is important). (5) KEEP RECORDS, document the time, sources and effects of the attack (logs); both for analysis and a possible legal process. (6) COMMUNICATION, if the downtime lasts, inform your users or customers. (7) LEGAL APPLICATION, especially in targeted, damaging or blackmail-containing attacks (for example a threat of "the attack continues unless you pay"), report the situation to the Cybercrime units and the prosecutor's office; this is a crime. (8) AFTERWARD, after the attack passes, review your defense and strengthen the weak points. Remember: coping alone in serious DDoS attacks is hard; the most important step is quickly getting expert and provider support.

Özkan Göçer

Growth Engineer & Digital Marketing Specialist

Özkan Göçer is a Growth Engineer and Digital Marketing Specialist with over 15 years of field experience and 200+ completed projects. He incorporates over 15 years of experience working with web technologies, modern development stacks, and digital infrastructures into this content.

