DDoS full form Denial-of-service attack
Examples of network and server behaviors that may indicate a DDoS attack are listed below. One or a combination of these behaviors should raise concern:
- One or several specific IP addresses make many consecutive requests over a short period.
- A surge in traffic comes from users with similar behavioral characteristics. For example, if a lot of traffic comes from users of a similar devices, a single geographical location or the same browser.
- A server times out when attempting to test it using a pinging service.
- A server responds with a 503 HTTP error response, which means the server is either overloaded or down for maintenance.
- Logs show a strong and consistent spike in bandwidth. Bandwidth should remain even for a normally functioning server.
- Logs show traffic spikes at unusual times or in a usual sequence.
- Logs show unusually large spikes in traffic to one endpoint or webpage.