Core idea
DDoS stands for distributed denial of service. The goal is simple: overwhelm a target until legitimate traffic can no longer be processed normally.
The distributed part matters because the traffic usually comes from many sources at the same time. That makes blocking individual IP addresses ineffective and increases the total pressure on the network or service.
Main attack categories
- Volumetric attacks try to saturate links with raw traffic volume
- Protocol attacks target packet processing or connection state
- Application attacks target specific services such as HTTP or DNS
- Reflection and amplification attacks use third-party systems to increase traffic toward the victim
What actually fails
A service does not need to lose all available bandwidth to fail. In many cases the real bottleneck is packet rate, connection tracking, CPU time, firewall state, load balancer capacity or application-level processing.
That is why a smaller attack in Gbps can still be very disruptive if packet size is small and the system has to process a large number of packets per second.
Why DDoS mitigation is difficult
Blocking everything is easy. Preserving legitimate traffic while removing attack traffic is the hard part.
Effective mitigation depends on where filtering happens, how much state is required, how fast rules can be distributed and whether the mitigation path can keep up with packet rate under load.