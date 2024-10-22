DDoS attacks often arrive suddenly and unexpectedly. One minute, a website is actively processing client requests, and the next, it's not, with users getting 503 Service Unavailable error response messages or the dreaded loading spinner.

Without proper monitoring in place, site admins might only become aware there is a problem when users start to complain. And, unless a malicious actor has sent extortion demands threatening to launch an attack, it might not even be clear at first why a site is unreachable. Consider, for example, a mention in a news article or a product featured in a video that has gone viral or been commented on by an influencer.

It's, therefore, important to establish whether an outage is due to heavier-than-normal legitimate traffic or a flood of malicious traffic in a DDoS attack.

Indicators of DDoS attacks The following could indicate a DDoS attack is occurring: A single IP or range of IP addresses making excessive and consecutive requests.

Heavy traffic from a single geographical location or device.

Unusual traffic patterns.

Service persistently responding with 500 Internal Server Error or 503 Server Unavailable error messages indicating it is unavailable or unable to handle requests.

Alerts about bandwidth, memory or CPU issues.

Packet TTLs (time-to-live) expiring due to an attack consuming excessive bandwidth. DDoS attacks can target different Open Systems Interconnection (OSI) layers, but Layers 3, 4 and 7 are the most popular because they are relatively easy to launch and can potentially have an enormous impact. Multivector DDoS attacks target multiple layers of the OSI model at the same time. For example, a multivector DDoS attack might include a DNS amplification attack that targets Layers 3 and 4, as well as an HTTP flood that targets Layer 7. The five most common DDoS attack vectors for Q2 2024, according to Cloudflare research, were DNS, SYN, RST, User Datagram Protocol and Generic Routing Encapsulation.