Community hub
Recent from talks
Contribute something to knowledge base
Content stats: 0 posts, 0 articles, 1 media, 0 notes
Members stats: 0 subscribers, 0 contributors, 0 moderators, 0 supporters
Subscribers
Supporters
Contributors
Moderators
Hub AI
Denial-of-service attack AI simulator
(@Denial-of-service attack_simulator)
Hub AI
Denial-of-service attack AI simulator
(@Denial-of-service attack_simulator)
Denial-of-service attack
In computing, a denial-of-service attack (DoS attack; UK: /dɒs/ doss US: /dɑːs/ daas) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
In a distributed denial-of-service attack (DDoS attack; UK: /ˈdiː.dɒs/ DEE-doss US: /ˈdiː.dɑːs/ DEE-daas), the incoming traffic flooding the victim originates from many different sources. More sophisticated strategies are required to mitigate this type of attack; simply attempting to block a single source is insufficient as there are multiple sources. A DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade and losing the business money. Criminal perpetrators of DDoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge and blackmail, as well as hacktivism, can motivate these attacks.
Panix, the third-oldest ISP in the world, was the target of what is thought to be the first DoS attack. On September 6, 1996, Panix was subject to a SYN flood attack, which brought down its services for several days while hardware vendors, notably Cisco, figured out a proper defense. The release of sample code during the event led to the online attack of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow.
Cloudflare claims to have recorded and successfully autonomously blocked a 40-second DDoS attack on 23 September, 2025 that reached a peak volume of 22.2 Tb/s, which would be the largest DDoS attack to date. Cloudflare has stated that over 404,000 source IPs were used to target one IP address, and that the source IPs were not spoofed. According to Cloudflare, this came after several other large-scale DDoS attacks, each consecutively beating the previous record, including a 7.3 Tb/s attack in May 2025 and an 11.5 Tb/s attack on 1 September, 2025.
In February 2020, Amazon Web Services experienced an attack with a peak volume of 2.3 Tb/s. In July 2021, Cloudflare boasted of protecting its client from a DDoS attack from a global Mirai botnet that was up to 17.2 million requests per second. Russian DDoS prevention provider Yandex said it blocked a HTTP pipelining DDoS attack on Sept. 5. 2021 that originated from unpatched Mikrotik networking gear. In the first half of 2022, the Russian invasion of Ukraine significantly shaped the cyberthreat landscape, with an increase in cyberattacks attributed to both state-sponsored actors and global hacktivist activities. The most notable event was a DDoS attack in February, the largest Ukraine has encountered, disrupting government and financial sector services. This wave of cyber aggression extended to Western allies like the UK, the US, and Germany. Particularly, the UK's financial sector saw an increase in DDoS attacks from nation-state actors and hacktivists, aimed at undermining Ukraine's allies.
In February 2023, Cloudflare faced a 71 million/requests per second attack which Cloudflare claims was the largest HTTP DDoS attack at the time. HTTP DDoS attacks are measured by HTTP requests per second instead of packets per second or bits per second. On July 10, 2023, the fanfiction platform Archive of Our Own (AO3) faced DDoS attacks, disrupting services. Anonymous Sudan, claiming the attack for religious and political reasons, was viewed skeptically by AO3 and experts. Flashpoint, a threat intelligence vendor, noted the group's past activities but doubted their stated motives. AO3, supported by the non-profit Organization for Transformative Works (OTW) and reliant on donations, is unlikely to meet the $30,000 Bitcoin ransom.
In August 2023, the group of hacktivists NoName057 targeted several Italian financial institutions, through the execution of slow DoS attacks. On 14 January 2024, they executed a DDoS attack on Swiss federal websites, prompted by President Zelensky's attendance at the Davos World Economic Forum. Switzerland's National Cyber Security Centre quickly mitigated the attack, ensuring core federal services remained secure, despite temporary accessibility issues on some websites. In October 2023, exploitation of a new vulnerability in the HTTP/2 protocol resulted in the record for largest HTTP DDoS attack being broken twice, once with a 201 million requests per second attack observed by Cloudflare, and again with a 398 million requests per second attack observed by Google. In August 2024, Global Secure Layer observed and reported on a record-breaking packet DDoS at 3.15 billion packets per second, which targeted an undisclosed number of unofficial Minecraft game servers.
In October 2024, the Internet Archive faced two severe DDoS attacks that brought the site completely offline, immediately following a previous attack that leaked records of over 31 million of the site's users. The hacktivist group SN_Blackmeta claimed the DDoS attack as retribution for American involvement in the Gaza war, despite the Internet Archive being unaffiliated with the United States government; however, their link with the preceding data leak remains unclear.
Denial-of-service attack
In computing, a denial-of-service attack (DoS attack; UK: /dɒs/ doss US: /dɑːs/ daas) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
In a distributed denial-of-service attack (DDoS attack; UK: /ˈdiː.dɒs/ DEE-doss US: /ˈdiː.dɑːs/ DEE-daas), the incoming traffic flooding the victim originates from many different sources. More sophisticated strategies are required to mitigate this type of attack; simply attempting to block a single source is insufficient as there are multiple sources. A DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade and losing the business money. Criminal perpetrators of DDoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge and blackmail, as well as hacktivism, can motivate these attacks.
Panix, the third-oldest ISP in the world, was the target of what is thought to be the first DoS attack. On September 6, 1996, Panix was subject to a SYN flood attack, which brought down its services for several days while hardware vendors, notably Cisco, figured out a proper defense. The release of sample code during the event led to the online attack of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow.
Cloudflare claims to have recorded and successfully autonomously blocked a 40-second DDoS attack on 23 September, 2025 that reached a peak volume of 22.2 Tb/s, which would be the largest DDoS attack to date. Cloudflare has stated that over 404,000 source IPs were used to target one IP address, and that the source IPs were not spoofed. According to Cloudflare, this came after several other large-scale DDoS attacks, each consecutively beating the previous record, including a 7.3 Tb/s attack in May 2025 and an 11.5 Tb/s attack on 1 September, 2025.
In February 2020, Amazon Web Services experienced an attack with a peak volume of 2.3 Tb/s. In July 2021, Cloudflare boasted of protecting its client from a DDoS attack from a global Mirai botnet that was up to 17.2 million requests per second. Russian DDoS prevention provider Yandex said it blocked a HTTP pipelining DDoS attack on Sept. 5. 2021 that originated from unpatched Mikrotik networking gear. In the first half of 2022, the Russian invasion of Ukraine significantly shaped the cyberthreat landscape, with an increase in cyberattacks attributed to both state-sponsored actors and global hacktivist activities. The most notable event was a DDoS attack in February, the largest Ukraine has encountered, disrupting government and financial sector services. This wave of cyber aggression extended to Western allies like the UK, the US, and Germany. Particularly, the UK's financial sector saw an increase in DDoS attacks from nation-state actors and hacktivists, aimed at undermining Ukraine's allies.
In February 2023, Cloudflare faced a 71 million/requests per second attack which Cloudflare claims was the largest HTTP DDoS attack at the time. HTTP DDoS attacks are measured by HTTP requests per second instead of packets per second or bits per second. On July 10, 2023, the fanfiction platform Archive of Our Own (AO3) faced DDoS attacks, disrupting services. Anonymous Sudan, claiming the attack for religious and political reasons, was viewed skeptically by AO3 and experts. Flashpoint, a threat intelligence vendor, noted the group's past activities but doubted their stated motives. AO3, supported by the non-profit Organization for Transformative Works (OTW) and reliant on donations, is unlikely to meet the $30,000 Bitcoin ransom.
In August 2023, the group of hacktivists NoName057 targeted several Italian financial institutions, through the execution of slow DoS attacks. On 14 January 2024, they executed a DDoS attack on Swiss federal websites, prompted by President Zelensky's attendance at the Davos World Economic Forum. Switzerland's National Cyber Security Centre quickly mitigated the attack, ensuring core federal services remained secure, despite temporary accessibility issues on some websites. In October 2023, exploitation of a new vulnerability in the HTTP/2 protocol resulted in the record for largest HTTP DDoS attack being broken twice, once with a 201 million requests per second attack observed by Cloudflare, and again with a 398 million requests per second attack observed by Google. In August 2024, Global Secure Layer observed and reported on a record-breaking packet DDoS at 3.15 billion packets per second, which targeted an undisclosed number of unofficial Minecraft game servers.
In October 2024, the Internet Archive faced two severe DDoS attacks that brought the site completely offline, immediately following a previous attack that leaked records of over 31 million of the site's users. The hacktivist group SN_Blackmeta claimed the DDoS attack as retribution for American involvement in the Gaza war, despite the Internet Archive being unaffiliated with the United States government; however, their link with the preceding data leak remains unclear.
Recent media
Recent media