Quiz Entry - updated: 2026.06.26
What is the difference between DoS and DDoS, and what general defenses exist?
Both make a system unreachable through overload — DoS comes from one source, DDoS comes from many distributed sources simultaneously.
DDoS is much harder to mitigate because you can't simply blocklist one IP. Attack traffic comes from a botnet of compromised devices (IoT cameras, home routers, infected PCs) or from reflectors.
General defenses (OWASP DoS Cheat Sheet):
- Rate-limit requests per source IP / per user / per resource — accept the load you can serve and shed the rest gracefully.
- Push the bottleneck out — put the choke point (firewall, WAF, load balancer) in front of the expensive parts so cheap rejection happens early.
- Avoid self-DoS — cap memory, cap loops, no unbounded recursion, no unbounded result sets. A single SQL query returning 10 million rows can take you down without any attacker.
- Disaster Recovery Plan — assume eventually you will go down; plan to detect, communicate, and restore quickly.
Tip: No system has infinite capacity, so "preventing DoS entirely" is impossible. The realistic goal is to fail gracefully, restore quickly, and not be the cheap target — most attackers move on if you're harder than the next site.