Internet, Networking, & Security Antivirus What Is a DDoS Attack? Understanding a Distributed Denial of Service attack Share Pin Email Print TimeStopper / Getty Images Antivirus Browsers Cloud Services Error Messages Home Networking 5G Antivirus VPN Web Development Around the Web View More By Mary Landesman Writer Mary Landesman is a former freelance contributor to Lifewire and a security expert. She was named as one of the women to watch in IT security. our editorial process LinkedIn Mary Landesman Updated July 12, 2019 28 28 people found this article helpful Trojans are often used to launch Distributed Denial of Service (DDoS) attacks against targeted systems, but just what is a DDoS attack and how are they performed? At its most basic level, a Distributed Denial of Service (DDoS) attack overwhelms the target system with data, such that the response from the target system is either slowed or stopped altogether. In order to create the necessary amount of traffic, a network of zombie or bot computers are most often used. DDoS, Zombies, and Botnets Zombies or botnets are computers that have been compromised by attackers, generally through the use of Trojans, allowing these compromised systems to be remotely controlled. Collectively, these systems are manipulated to create the high traffic flow necessary to create a DDoS attack. Use of these botnets are often auctioned and traded among attackers, thus a compromised system may be under the control of multiple criminals — each with a different purpose in mind. Some attackers may use the botnet as a spam-relay, others to act as a download site for malicious code, some to host phishing scams, and others for the aforementioned DDoS attacks. How a DDoS Attack Happens Several techniques can be used to facilitate a Distributed Denial of Service attack. Two of the more common are HTTP GET requests and SYN Floods. One of the most notorious examples of an HTTP GET attack was from the MyDoom worm, which targeted the SCO.com website. The GET attack works as its name suggests — it sends a request for a specific page (generally the homepage) to the target server. In the case of the MyDoom worm, 64 requests were sent every second from every infected system. With tens of thousands of computers estimated to be infected by MyDoom, the attack quickly proved overwhelming to SCO.com, knocking it offline for several days. A SYN Flood is basically an aborted handshake. Internet communications use a three-way handshake. The initiating client initiates with a SYN, the server responds with a SYN-ACK, and the client is then supposed to respond with an ACK. Using spoofed IP addresses, an attacker sends the SYN which results in the SYN-ACK being sent to a non-requesting (and often non-existing) address. The server then waits for the ACK response to no avail. When large numbers of these aborted SYN packets are sent to a target, the server resources are exhausted and the server succumbs to the SYN Flood DDoS. Several other types of DDoS attacks can also be launched, including UDP Fragment Attacks, ICMP Floods, and the Ping of Death.