# How a DDOS Attack Works. How Hackers Can Bring Down a Website.

## Metadata

- **Channel:** PowerCert Animated Videos
- **YouTube:** https://www.youtube.com/watch?v=YthJmMZ0WkA
- **Date:** 04.05.2026
- **Duration:** 9:03
- **Views:** 17,879

## Description


In this video we discuss what is a DDOS attack.  How Hackers Crash Any Website.   How a DDOS works.  How do you prevent and defend against a DDOS.  And why do people do a DDOS attack.

DDOS stands for distributed denial of service.  And this is a cyber attack on a specific server or network with an intended purpose of disrupting that network or server’s normal operation.

Topics Include:
What is a DDOS?:  00:00
How it works - SYN Flood:  00:40
HTTP Flood:  03:17
DOS Attack: 03:58
DDOS Attack:  04:18
How to identify a DDOS:  05:13
How to prevent a DDOS:  06:00
Rate Limiting:  06:24
Web Application Firewall:  07:03
Load Balancer:  07:47
Why do people do it?:  08:15

## Contents

### [0:00](https://www.youtube.com/watch?v=YthJmMZ0WkA) What is a DDOS?

Hello everyone. In this video, we're going to be talking about how a DDoS works. Now, before we discuss how it works, we must first talk about what a DDoS is. Now, DDoS stands for distributed denial of service. And this is a cyber attack on a specific server or network with an intended purpose of disrupting that network or server's normal operation. And a DDoS attack does this by flooding the targeted network or server with a constant bombardment of traffic such as fraudulent requests which overwhelms the system causing a disruption or denial of service to legitimate traffic.

### [0:40](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=40s) How it works - SYN Flood

So how does a DDoS attack work? Well, there are several different types of DDoS attacks, but one of the most common is called a SYN flood attack. A SYN flood attack exploits a vulnerability in the transmission control protocol or TCP. Now, whenever two devices such as a computer and a server want to communicate with each other over a network, they must first establish a session. And they do this by using TCP. And TCP uses what's called a three-way handshake. So the first step in the three-way handshake is that a computer will send a message called a SYN (S-Y-N) to the server. And then the second step, the server will send back an acknowledgement message telling the computer that it has received the message. And then the server will open up a port and wait for a response. And then the third and final step, the computer sends another acknowledgement message back to the server. And then once this has taken place, a session is established and communication can now take place. So how does a DDoS exploit this? Well, during a DDoS SYN flood attack, it exploits the three-way handshake by not completing the third and final step. So here is how it works. When a DDoS happens, it'll send the targeted server a SYN request and then the server will send an acknowledgement back to the computer, open up a port, and wait for a response. So, the first two steps are completed. But the problem is that a DDoS attack doesn't complete the third and final step. It never sends back an acknowledgement to the server. It just leaves a server hanging with a half-open connection. So instead of completing the third step, a DDoS attack will just use the first step and send a constant flood of SYN requests to the server. And when this happens, these requests are going to fill up the server's connection queue and leave thousands of ports open and waiting for a response.
And by doing this, this will cause a server to be overwhelmed and exhaust its resources, causing it to lag or come to a grinding halt. So now when legitimate traffic connects to the server, the server would not be able to respond because it's now overwhelmed from a DDoS attack. So this is how a DDoS can bring down a server.

### [3:17](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=197s) HTTP Flood

Now there's also another type of DDoS attack and this is called an HTTP flood. HTTP stands for hypertext transfer protocol which is the language that's used for building and loading web pages. An HTTP flood is a simpler attack compared to a SYN flood, but it's not as effective. This is when a bunch of devices open up a server's web page and constantly refresh the web page. This sends a flood of HTTP requests to the web server, causing it to overload the server's resources, which would result in the website running slow or crashing.

### [3:58](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=238s) DOS Attack

So what actually starts a DDoS attack? Well, a DDoS attack does not come from a single source because if an attack came from a single source, then this is known as a DoS attack. DoS attacks are easier to deal with because since it's coming from one source, it can easily be blocked. But a DDoS attack comes from

### [4:18](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=258s) DDOS Attack

hundreds or even thousands of sources, which is where we get the name distributed. These sources are computers and devices that have been infected with malware. And this malware has drafted these computers to be used in a DDoS attack without the owner of the computers knowing about it. And these computers are now in a DDoS attack army called a botnet. And this botnet is commanded by a bad actor who is the ringleader. So when this ringleader is ready to carry out the DDoS attack, it'll send the attack coordinates to each computer such as the target IP address of the server to bring down and then once the time is given all the computers at the same time will flood the target with a constant bombardment of fraudulent SYN requests and bring down that server.

### [5:13](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=313s) How to identify a DDOS

So how do you identify a DDoS attack? Well, DDoS attacks are mainly recognized if a server or service all of a sudden becomes very slow or unavailable. So for example, if you're on a website or an application and all of a sudden they start to run very slow, the links don't work or you can't even connect to it. Or another example, if you're an online gamer and all of a sudden the game lags or you can't connect to the game server, then this could be also the result of a DDoS attack. Now, these scenarios don't necessarily mean that a DDoS is happening. It could just mean that these servers are just having other issues internally, but a DDoS attack shouldn't be ruled out.

### [6:00](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=360s) How to prevent a DDOS

So, how do you prevent a DDoS attack? Well, the biggest challenge in preventing and defending against a DDoS attack is distinguishing between fraudulent traffic and legitimate traffic. Because as an organization, you definitely don't want to block legitimate traffic. But there are several ways that an organization can do to prevent and defend against a DDoS

### [6:24](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=384s) Rate Limiting

attack. So for example, an organization can implement rate limiting. Rate limiting sets a limit on the amount of requests that a server will accept from an IP address over a certain period of time. So for example, the computers in this botnet will each have a different IP address. So when a DDoS attack happens, the rate limiter will set a limit of the requests coming from each of these IP addresses. And if the computers reach that limit over a certain period of time, the rate limiter will block them and protect the server from getting DDoSed.

### [7:03](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=423s) Web Application Firewall

And another way is by using a web application firewall. Now, this is a layer 7 firewall that is typically designed to defend against an HTTP flood attack, which we talked about earlier. This firewall analyzes the traffic coming in from the internet and will filter out fraudulent and malicious requests before they reach the server. So in this example, we have a mixture of legitimate computers which are the green ones and we have malicious computers which are the red ones. So as they send their HTTP requests to the server, the firewall will block the requests from the malicious computers and allow legitimate ones.

### [7:47](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=467s) Load Balancer

And another way is by using a load balancer. A load balancer is a piece of hardware or software that is used to evenly distribute data activity across multiple servers so that no single server becomes overwhelmed with the workload. So when a DDoS attack happens, the load balancer can spread out the attack to multiple servers so that no single server takes on the full force of the attack.

### [8:15](https://www.youtube.com/watch?v=YthJmMZ0WkA&t=495s) Why do people do it?

So the last question is well why do people do a DDoS attack? Well, DDoS attacks can happen for several reasons. It could be for financial reasons where the attacker is DDoSing a competitor in a marketplace. It could also be for political reasons. Maybe they don't like the targeted organization's beliefs. Or it could also be that the attacker is just doing it for fun. So guys, I want to thank you for watching this video on how a DDoS works. Please subscribe, leave a comment, and I will see you in the next video.

---
*Source: https://ekstraktznaniy.ru/video/50033*