One Request Too Many: Understanding and Surviving DoS & DDoS Attacks


"It wasn’t a bug, it was a full-blown digital riot."
— Me, after seeing 1000 threads spin up in production from one rogue IP.
Welcome to the wonderful world of DoS and DDoS attacks. If you've ever wondered what happens when the internet decides your application shouldn’t breathe, this one’s for you. Let’s walk through what these attacks are, how they wreak havoc, and, more importantly, how not to get roasted when one shows up at your server’s doorstep.
🔥 What Even Is a DoS/DDoS Attack?
Let’s cut the jargon.
DoS (Denial of Service): One attacker floods your server with requests to make it crash. It’s like one guy calling customer care repeatedly so no one else can get through. Annoying? Yes. Dangerous? Absolutely.
DDoS (Distributed Denial of Service): Now that guy brings 10,000 friends, most of whom are hacked toasters, baby monitors, or your grandma’s smart fridge. It's not a prank anymore; it's a siege.
Congrats, you’re popular. But in the “oh no, we’re going offline” kind of way.
🎯 The Attack Vectors (aka, how they punch you in the face)
These aren’t just vague concepts; attackers use some real dirty tricks:
SYN Flood – Half-open TCP connections that never complete. Your server’s memory? Toast.
UDP Flood – No handshakes, just raw traffic spam. Fast, messy, and silent.
HTTP Flood – Legit-looking HTTP requests at scale. Imagine a million users hitting /login at once.
Slowloris – Opens a connection… and sloo…oowly sends data byte by byte. Like someone ordering food one syllable at a time.
Amplification Attacks – Using open DNS or NTP servers to reflect and magnify the traffic. The attacker says "hi", the victim receives "HIHIHIHIHIHIHIHI".
🧰 The Tools They Use
This is where things get sketchy:
LOIC/HOIC: Script kiddie favorites. Press button, kill server.
Botnets: Compromised fridges (yes, you read that right, your innocent FRIDGE), baby monitors, routers. Yeah, IoT’s dark side.
DDoS-as-a-Service: Yup, you can rent an attack for the price of a pizza. Dark web marketplaces are the new malls.
💀 Why You Should Panic (a little)
Here’s what you risk:
Application downtime = pissed-off users
Revenue loss, especially if you're in e-commerce, SaaS, or any always-on industry.
Your monitoring dashboard? Might as well be fireworks.
🛡️ Defense Mode: How To Not Die
Okay, time to adult. Here's how to survive when the internet throws a tantrum:
✅ Rate Limiting
Throttle like your sanity depends on it.
Set limits on:
IP request rates
Login attempts
API calls per user-agent
Yes, Karen from Accounts might complain she was rate-limited. But Karen doesn’t pay your infra bills.
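Here is one way to enforce the per-IP and login limits listed above, as an added example (not code from the original post). It uses a token bucket per client key with a cap on tracked keys; the limit values and the `check_request` helper are assumptions for illustration.

```python
import time
from collections import OrderedDict

class TokenBucketLimiter:
    """Per-key token bucket: refills `rate` tokens/second, allows bursts up to `burst`."""

    def __init__(self, rate, burst, max_keys=100_000, clock=time.monotonic):
        self.rate, self.burst = float(rate), float(burst)
        self.max_keys = max_keys          # cap memory: a flood of new keys must not exhaust RAM
        self.clock = clock                # injectable so the limiter can be tested without sleeping
        self._buckets = OrderedDict()     # key -> (tokens, last_seen), kept in LRU order

    def allow(self, key):
        now = self.clock()
        tokens, last = self._buckets.pop(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self._buckets[key] = (tokens, now)      # re-insert at the "most recent" end
        if len(self._buckets) > self.max_keys:
            self._buckets.popitem(last=False)   # evict the least recently seen key
        return allowed

# Assumed limits for illustration: tune them from your own traffic baseline.
LIMITS = {
    "ip": dict(rate=10, burst=20),       # general requests per client IP
    "login": dict(rate=0.2, burst=5),    # login attempts per client IP
}

def build_limiters(clock=time.monotonic):
    return {name: TokenBucketLimiter(clock=clock, **cfg) for name, cfg in LIMITS.items()}

def check_request(limiters, ip, path):
    """Return the HTTP status to send: 200 if admitted, 429 if throttled."""
    if not limiters["ip"].allow(ip):
        return 429
    if path == "/login" and not limiters["login"].allow(ip):
        return 429
    return 200
```

If the app sits behind a CDN or load balancer, pass the client address that proxy reports, since the socket peer address will be the proxy itself.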
✅ WAF + CDN
Let the big guys take the hit for you.
Use Cloudflare, AWS Shield, or Akamai: the digital bouncers for your club.
Blocks shady traffic at the edge
Hides your actual server
Absorbs massive floods like it’s just another Tuesday
✅ CAPTCHA / JavaScript Challenges
Bots hate them. Users tolerate them. Everyone wins.
Just don’t make them solve 8 image puzzles and decrypt hieroglyphics. You're not Indiana Jones.
✅ IP Blacklisting / Geo-blocking
If your product is only used in India, why is your server getting 3,000 login attempts from Bulgaria at 2:30 AM?
Block the nonsense.
✅ Anomaly Detection
Set alerts for:
Traffic spikes
Weird user-agents
“Why is someone hitting /healthcheck 1,000 times a second?”
You don’t need fancy ML models; basic pattern recognition goes a long way.
🧠 Bonus: Should You Build Your Own DoS Prevention System?
Short answer: You can.
Real answer: You’ll probably regret it unless you’re Cloudflare or have a dedicated SRE/DevSecOps team.
But hey, if you’re up for a challenge (I know I was), it can be fun to:
Analyze logs in real time.
Block IPs on the fly.
Track unusual spikes in referrers or user-agents.
Even build a dashboard showing attack patterns (and flex it).
Just don’t forget to actually shut down the malicious threads. Ask me how I know. 🫠
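The alerts from the Anomaly Detection section and the log analysis idea above, as an added example that is not part of the original post: it scans access-log lines for per-client floods on one path, whole-site traffic spikes, and blank user-agents. The log lines are constructed sample data, and the thresholds and the combined log format are assumptions.

```python
import re
from collections import Counter
from statistics import median

def sample_log():
    """Constructed sample traffic in combined log format (documentation IP ranges)."""
    lines = []
    for sec in range(10):                   # steady background: 2 req/s from a normal client
        for _ in range(2):
            lines.append(f'198.51.100.4 - - [10/Mar/2025:02:30:{sec:02d} +0000] '
                         '"GET /products HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    for _ in range(1000):                   # burst: 1,000 hits on /healthcheck in one second
        lines.append('203.0.113.50 - - [10/Mar/2025:02:30:07 +0000] '
                     '"GET /healthcheck HTTP/1.1" 200 2 "-" "-"')
    return lines

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect(lines, per_key_limit=100, spike_factor=10):
    """Return alerts for per-(ip, path) floods, whole-site spikes, and blank user-agents."""
    per_key, per_sec, blank_ua = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                        # skip malformed lines instead of crashing
        per_key[(m["ts"], m["ip"], m["path"])] += 1
        per_sec[m["ts"]] += 1               # timestamps have one-second resolution
        if m["ua"] in ("", "-"):
            blank_ua[m["ip"]] += 1
    if not per_sec:
        return []
    alerts = []
    for (ts, ip, path), n in per_key.items():
        if n > per_key_limit:               # one client hammering one path in one second
            alerts.append(("flood", ip, path, ts, n))
    baseline = median(per_sec.values())     # median resists being skewed by the burst itself
    for ts, n in per_sec.items():
        if n > spike_factor * baseline:
            alerts.append(("spike", ts, n))
    for ip, n in blank_ua.items():
        alerts.append(("blank-user-agent", ip, n))
    return alerts
```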
📝 TL;DR
DoS = One attacker. DDoS = Many.
Stay paranoid: if you’re on the internet, you’re a target.
Prevention is layered: rate limits, CDNs, WAFs, behavioral rules.
Your code should fail gracefully. No infinite threads. No memory hoarding.
Don’t wait for the attack to build your defenses. That’s like locking your door after the thief left with your TV.
🎯 Final Thought
“If uptime is your love language, DoS is the breakup text. Block it fast.”
Now go check your logs, update your firewall rules, and maybe, just maybe, thank your CAPTCHA for saving the day.
Written by

Santhosh