How Large Can a DDoS Attack Get?

Distributed denial of service (DDoS) is the most common way that hackers bring websites, gaming servers, and various other services that depend on the internet down abruptly. The severity of the attack could vary, ranging from a mild inconvenience to a total takedown of a server. Sometimes it’s more than just a server involved. Yes, for many years ambitious groups and individuals have had much larger targets in mind when planning their attacks. Some have even succeeded. Where do they draw the limit? Is there a limit at all to how large these attacks can get?

What We’ve Learned From History

largeddos-rootserver

The number of DDoS attacks, at the time of this article’s publishing, is rising. With such easy access to the tools that allow people to perform these attacks, the problem is probably going to get worse. The ripple effect of this increase in attacks can be felt with many high-profile attacks such as the downtime experienced by the Sony PlayStation Network in 2014 which caused panic for millions of people who were attempting to access the network.

Governments have also gotten in on the action. One example of this would be the March 2015 attack on GitHub by the Chinese government that led to two projects getting shut down.

Other attacks include the DNS root server attack of 2007 which managed to cause a significant amount of trouble. When a root server is down, none of the domains under its control can be accessed making a very enormous amount of websites incapable of operating.

What Do We Measure?

largeddos-bandwidth

There are two ways to measure a DDoS attack. You can either count the amount of bandwidth sustained during the attack or the number of people affected by it. The second metric is very difficult to assess since we don’t have any way to truly collect an accurate statistic on the number of people who are inconvenienced by any particular attack. However, we can measure bandwidth.

March 18, 2013, marked a day that would go down in history as the most unprecedented DDoS attack ever executed in terms of bandwidth until that point. Spamhaus, a website that tracks spammers, succumbed to an attack that eventually exceeded 120 gigabits per second. Such a large-scale attack, however, was dwarfed almost immediately by another attack in 2014 that managed to hit the 400 gigabit-per-second milestone, slowing down Internet connectivity for much of the European Union and part of the United States.

Those two attacks are by far some of the worst we’ve seen in history. The fact that hackers are finding it easier to find ways to gain more bandwidth makes it very possible that we will witness attacks that cause much more damage in the future. If this trend continues throughout the next few years we might as well call this the Golden Age of DDoS.

How We Can Stop It

Many companies are currently investing in solutions that mitigate DDoS for them, but it’s not always within a business’ budget to employ state-of-the-art hardware and software for this purpose. We will have to help them in this fight, and the best way we can do this is to be prudent about what we download and the websites we access. Attackers use other computers through viruses and shady scripts to execute a DDoS, making thousands of systems send connection requests to one particular server. Make sure that you download things only from trustworthy sources!

What do you think? Do you have any other advice for how we can help stop DDoS? Tell us more in a comment!

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Miguel Leiva-Gomez Avatar

Read next

Suzanne Simard sealed paper birch and Douglas fir seedlings inside plastic bags, fed them carbon-14 and carbon-13 dioxide, and nine days later found carbon had crossed between species through fungal threads in the British Columbia soil beneath her boots
A species of jellyfish called Turritopsis dohrnii can revert its adult cells back to a juvenile polyp stage when injured or starving, effectively restarting its life cycle, and biologists have so far failed to identify any natural limit to how many times it can do this.
A Japanese man named Jiroemon Kimura, who lived to 116, was born in 1897 when Queen Victoria still ruled and died in 2013, meaning a single human life personally overlapped with the invention of the airplane, the atomic bomb, the internet, and Instagram
The Hollywood sign originally read HOLLYWOODLAND when it was built in 1923 as a real estate advertisement for a housing development, and it was only meant to stand for 18 months, but nobody ever got around to taking it down and the city eventually adopted it as a landmark
Almost all of the world’s internet traffic does not travel by satellite but through fibre-optic cables lying on the ocean floor, a hidden web of wires crossing the deepest parts of the sea to connect the continents.
People who flip their phone face down on every table aren’t being secretive. They figured out that staying interruptible meant handing their time to whoever rang first
Twitch vs. Facebook Gaming vs. YouTube Gaming: What’s the Best Live Game Streaming Platform?
Chrome Extensions Ownership Transfer is a Direct Threat to You: How to Stay Safe