DoS vs DDoS Attacks Explained | AP Cybersecurity

Unit 3 • Topic 3.1 • Network Vulnerabilities and Attacks

DoS vs DDoS Attacks Explained (Plus Smurf Attacks)

A denial-of-service (DoS) attack overwhelms a system so legitimate users cannot reach it. A distributed version (DDoS) uses many machines at once. Both target availability, one of the CIA goals.

DoS: one source
DDoS: many sources (botnet)
Smurf: amplified
Target: availability
Denial of service comes from one source, many sources, or amplification.

DoS vs DDoS

A DoS attack floods a target with more traffic or requests than it can handle, from a single source, until it slows or stops. A DDoS spreads the flood across many compromised machines (a botnet), which makes it far harder to block because the traffic comes from everywhere.

A smurf attack is one technique: the attacker sends requests with the victim's address spoofed so many systems reply to the victim at once, amplifying the flood.

Scenario

A site goes down under traffic from thousands of different IP addresses worldwide. Is this a DoS or DDoS?

Answer

A DDoS. The traffic comes from many distributed sources, almost certainly a botnet, which is what makes it distributed rather than a single-source DoS.

Exam tip

Both target availability. The difference is sources: one (DoS) vs many (DDoS). A smurf attack is an amplification technique.

Defending against denial of service

Defenses include rate limiting, filtering malicious traffic, and using services that absorb and distribute large volumes of traffic. Because a DDoS comes from many sources, blocking a single IP does little.

Detection ties into Unit 3.5: a sudden spike in traffic volume is a key signal that monitoring tools watch for.
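The spike signal and the single-IP blocking problem described above, as an added example that is not part of the original page. The function name, thresholds, and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

def analyze_window(sources, baseline, spike_factor=5.0, dominant_share=0.8):
    """Classify one time window of request source IPs (thresholds are assumed values).

    sources  -- list of source IP strings, one per request seen in the window
    baseline -- normal number of requests for a window of this length
    """
    threshold = spike_factor * baseline
    total = len(sources)
    counts = Counter(sources)
    report = {"total": total, "unique_sources": len(counts),
              "verdict": "normal", "left_after_blocking_top": total,
              "still_spiking_after_block": False}
    if total < threshold:
        return report  # no sudden spike in volume, nothing to classify
    top_ip, top_count = counts.most_common(1)[0]
    left = total - top_count
    report["top_source"] = top_ip
    report["left_after_blocking_top"] = left
    report["still_spiking_after_block"] = left >= threshold
    # One address carrying most of the spike looks like a single-source DoS;
    # otherwise the flood is spread over many sources, as in a DDoS.
    if top_count / total >= dominant_share:
        report["verdict"] = "single-source flood (DoS)"
    else:
        report["verdict"] = "distributed flood (DDoS)"
    return report

# Constructed sample traffic (documentation/benchmark address ranges, not real logs).
BASELINE = 100
NORMAL = [f"192.0.2.{i % 40}" for i in range(100)]   # 40 ordinary clients
DOS = NORMAL + ["203.0.113.7"] * 5000                # one noisy source
DDOS = NORMAL + [f"198.18.{i // 250}.{i % 250}" for i in range(1000)] * 5  # 1000 sources

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, analyze_window(window, BASELINE))
```

In the constructed DoS window, blocking the top source returns traffic to baseline; in the DDoS window the same block removes only a handful of requests and the spike continues.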

Scenario

Why is blocking one IP address ineffective against a DDoS?

Answer

A DDoS uses many distributed sources, so blocking one address barely reduces the flood. Defenses must handle volume from many places at once.

Real-world example

The 2016 Dyn DDoS

A massive DDoS powered by the Mirai botnet of hijacked devices overwhelmed the DNS provider Dyn, briefly knocking major sites like Twitter and Netflix offline. The flood came from countless distributed sources.

Many sources are what make a DDoS hard to block.

Key Terms

DoS: Overwhelming a target from a single source.
DDoS: A distributed denial of service from many machines.
Botnet: A network of compromised devices used to attack.
Smurf attack: Amplifying a flood by spoofing the victim's address.

Common Mistakes

Treating DoS and DDoS as identical

DoS is one source; DDoS is many. The distinction changes the defense.

Thinking DoS steals data

Denial of service targets availability, not confidentiality.

Blocking a single IP for a DDoS

With many sources, single-IP blocking is ineffective.

Missing amplification

A smurf attack amplifies traffic by spoofing the victim's address.

Check for Understanding

Question 1
The key difference between a DoS and a DDoS attack is:
B. A DoS comes from a single source; a DDoS is distributed across many machines, usually a botnet.
Question 2
Both DoS and DDoS attacks primarily target which CIA goal?
C. Denial-of-service attacks make systems unavailable, targeting availability.
Question 3
A smurf attack amplifies traffic by:
B. By spoofing the victim's address, the attacker makes many systems flood the victim with replies.
Question 4
Why is blocking a single IP ineffective against a DDoS?
A. A distributed attack uses many sources, so one block barely reduces it.
Question 5
Which statements are true? I. DDoS often uses a botnet. II. DoS targets availability. III. A smurf attack steals credentials.
A. I and II are true. A smurf attack disrupts availability, it does not steal credentials, so III is false.
Question 6
Which is a reasonable DDoS defense?
D. Rate limiting and services that absorb and distribute large traffic volumes help against distributed floods.

Frequently Asked Questions

A DoS attack floods a target from a single source; a DDoS distributes the flood across many machines, usually a botnet, making it much harder to block.
Availability. They aim to make a system or service unreachable for legitimate users, rather than to steal or alter data.
A smurf attack spoofs the victim's address so that many systems send replies to the victim at once, amplifying the flood of traffic.
