DoS and DDoS attacks both aim to disrupt system availability by flooding a target with excessive traffic, but they differ in how the attack is launched and managed.
- Generate malicious traffic to consume bandwidth, CPU, memory, or connection resources, resulting in service degradation or downtime.
- Use TCP SYN, UDP, ICMP and HTTP flood attacks to overload network and application services.
- Prevented using firewalls, IPS, WAFs, rate limiting and DDoS protection solutions.
DOS Attack
A DOS (Denial of Service) attack is a type of cyberattack where one internet-connected computer floods a different computer with traffic, especially a server, to instigate a crash. DOS attacks specifically appear when targeted at a website, making the site unavailable and causing a major disruption of online services.

- Single Source: Starts from a single system only, as described above.
- Traffic Volume: Turnover remains high; however, the source remains limited to a single point of origin.
- Traceability: Making tracing easier compared to a distributed form.
- Blockability: Easily blocked since ALL of the traffic comes from one source.
DDOS Attack
Distributed Denial of Service attack follows a similar pattern to DoS attack, but execution involves multiple systems located across different locations working together, with compromised devices often called bots.

- Multiple Sources: Attack begins from multiple systems, often originating across different environments.
- Traffic Volume: Multiple sources generate much higher traffic volume, resulting in greater impact and increased severity.
- Difficulty in Tracing: Attack launched through multiple computer instances across different locations, making origin difficult to trace.
- Complexity in Blocking: Blocking Distributed Denial of Service attack becomes more challenging due to origins spread across multiple locations.
DoS vs. DDoS Attacks
| DoS (Denial of Service) | DDoS (Distributed Denial of Service) |
|---|---|
| Single system targets victim system | Multiple systems attack victim system |
| Traffic originates from one location | Traffic originates from multiple locations |
| Sends limited volume of packets compared to DDoS | Sends massive volume of traffic to overwhelm target |
| Slower compared to DDoS attacks | Faster and more powerful due to distributed sources |
| Easier to block since only one source is involved | Difficult to block due to multiple attacking sources |
| Easier to trace origin of attack | Very difficult to trace origin |
| Uses single device or tools for attack | Uses multiple compromised devices (botnet) |
| Causes moderate impact on target system | Causes severe impact and complete service disruption |
Examples: Buffer overflow, ICMP flood (Ping of Death), Teardrop, Flooding | Examples: Volumetric, Fragmentation, Application layer, Protocol-based attacks |