LOGBOOK

HELP

Quiz Entry - updated: 2026.06.26

What is the difference between DoS and DDoS, and what general defenses exist?

Both make a system unreachable through overload — DoS comes from one source, DDoS comes from many distributed sources simultaneously.

DDoS is much harder to mitigate because you can't simply blocklist one IP. Attack traffic comes from a botnet of compromised devices (IoT cameras, home routers, infected PCs) or from reflectors.

General defenses (OWASP DoS Cheat Sheet):

  • Rate-limit requests per source IP / per user / per resource — accept the load you can serve and shed the rest gracefully.
  • Push the bottleneck out — put the choke point (firewall, WAF, load balancer) in front of the expensive parts so cheap rejection happens early.
  • Avoid self-DoS — cap memory, cap loops, no unbounded recursion, no unbounded result sets. A single SQL query returning 10 million rows can take you down without any attacker.
  • Disaster Recovery Plan — assume eventually you will go down; plan to detect, communicate, and restore quickly.

Tip: No system has infinite capacity, so "preventing DoS entirely" is impossible. The realistic goal is to fail gracefully, restore quickly, and not be the cheap target — most attackers move on if you're harder than the next site.

From Quiz: ISF / Web Application Security Basics | Updated: Jun 26, 2026