The War on State Tables and Application Logic

Attack Prep

Article from Issue 308/2026

Exploiting Layer 4 protocol handshakes and the resource limits of Layer 7.

The Internet rests on network components keeping their services available under load. A Distributed Denial of Service (DDoS) attack is a systematic effort to violate this foundational principle: a large-scale, coordinated operation designed to consume the finite resources of a target, be it bandwidth, CPU cycles, memory, or connection tracking capacity. The target system stops responding to legitimate packet flow, and the result is a catastrophic denial of service. This malicious traffic comes not from a single source but from a vast, globally distributed network of compromised systems known as a botnet.

This article explains how attack vectors are chosen strategically based on the target's weaknesses. I will examine how I exploit Layer 4 to overwhelm firewall state tables with incomplete protocol handshakes (such as SYN floods), and how I abuse Layer 7 application logic to force excessive CPU and memory consumption with a minimal number of Requests Per Second (RPS). Understanding the mechanism of an attack is a prerequisite for implementing an effective defense; this is why I chose to adopt the point of view of a black hat hacker.
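As an added example (not code from the article), a defender-side check for the state-table pressure described above: it parses constructed conntrack-style entries and flags destination ports where half-open handshakes dominate. The sample data, thresholds and function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `conntrack -L` output (not a real capture):
# four half-open handshakes on port 443, each from a different source, beside
# two fully established sessions.
SAMPLE = """\
tcp 6 117 SYN_RECV src=198.51.100.7 dst=192.0.2.10 sport=40001 dport=443 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=443 dport=40001 mark=0 use=1
tcp 6 118 SYN_RECV src=198.51.100.8 dst=192.0.2.10 sport=40002 dport=443 [UNREPLIED] src=192.0.2.10 dst=198.51.100.8 sport=443 dport=40002 mark=0 use=1
tcp 6 119 SYN_RECV src=198.51.100.9 dst=192.0.2.10 sport=40003 dport=443 [UNREPLIED] src=192.0.2.10 dst=198.51.100.9 sport=443 dport=40003 mark=0 use=1
tcp 6 120 SYN_RECV src=198.51.100.10 dst=192.0.2.10 sport=40004 dport=443 [UNREPLIED] src=192.0.2.10 dst=198.51.100.10 sport=443 dport=40004 mark=0 use=1
tcp 6 431999 ESTABLISHED src=203.0.113.4 dst=192.0.2.10 sport=51000 dport=443 src=192.0.2.10 dst=203.0.113.4 sport=443 dport=51000 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=51001 dport=22 src=192.0.2.10 dst=203.0.113.5 sport=22 dport=51001 [ASSURED] mark=0 use=1
"""

# Only the original direction of each entry is needed: state, source, dest port.
ENTRY = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(?P<state>[A-Z_]+)\s+src=(?P<src>\S+)\s+dst=\S+"
    r"\s+sport=\d+\s+dport=(?P<dport>\d+)"
)

def tally_by_port(text):
    """Per destination port: half-open count, established count, and the set
    of sources sitting in SYN_RECV (i.e. never completed the handshake)."""
    ports = defaultdict(lambda: {"half_open": 0, "established": 0, "syn_sources": set()})
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip non-TCP or malformed entries
        entry = ports[int(m["dport"])]
        if m["state"] == "SYN_RECV":
            entry["half_open"] += 1
            entry["syn_sources"].add(m["src"])
        elif m["state"] == "ESTABLISHED":
            entry["established"] += 1
    return ports

def half_open_alerts(text, min_half_open=3, min_ratio=0.5):
    """Return (dport, half_open, ratio, distinct_sources) for ports where the
    half-open share exceeds min_ratio. distinct_sources close to half_open
    means every SYN came from a different address, which per-IP limits miss."""
    alerts = []
    for dport, e in sorted(tally_by_port(text).items()):
        total = e["half_open"] + e["established"]
        if e["half_open"] < min_half_open or total == 0:
            continue
        ratio = e["half_open"] / total
        if ratio >= min_ratio:
            alerts.append((dport, e["half_open"], round(ratio, 2), len(e["syn_sources"])))
    return alerts

if __name__ == "__main__":
    for dport, n, ratio, srcs in half_open_alerts(SAMPLE):
        print(f"dport {dport}: {n} half-open ({ratio:.0%} of entries) from {srcs} sources")
```

On a real host the text would come from `conntrack -L` (or `ss -tan` with a different regex); a rising ratio on a port is the cue to confirm SYN cookies are enabled rather than to add per-source rules.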

Why the Target Is Selected

From the attacker's viewpoint, a DDoS operation is fundamentally an exercise in cost-benefit analysis and asymmetric warfare. The goal isn't simply to send traffic; it is to maximize the defender's expenditure in terms of time, resources, and reputation, while minimizing my own. The planning phase centers on target reconnaissance, moving beyond superficial port scanning to identify deeper architectural weaknesses that allow for disproportionate impact.

[...]
