Is there no ordering for incoming requests that would just slow a server down instead of breaking? What actually breaks?

  • AudaciousArmadillo@piefed.blahaj.zone

    Others mentioned good points but don’t really capture the scale or techniques. A high-volume DDoS may even overwhelm the network equipment, simply saturating the network with garbage traffic. On the smaller scale, a server has limited resources to handle connections. So in the most extreme case, you simply run out of memory to store all the incoming requests. More likely you exhaust a thread pool or run out of connection handles. This “breaks” the server as it may not have resources left to recover to a working state even after the attack has stopped.

    As for techniques, DDoS attacks don’t just spam genuine requests. Usually the requests are malformed to have the worst impact on the servers. For example, you only send the connection request without completing the full handshake. Now the server has to wait until the connection times out, which consumes resources for a potentially long time.
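
The half-open connection exhaustion described in the comment above, as an added example that is not part of the original thread: a toy model of a server's pending-connection table, showing why long timeouts starve legitimate clients and how a shorter timeout or stateless handshake handling (the idea behind SYN cookies) changes the outcome. All names and numbers are constructed assumptions, and the model ignores CPU and bandwidth limits.

```python
def legit_success_rate(ticks, backlog, timeout, legit_per_tick,
                       bogus_per_tick, stateless=False):
    """Fraction of legitimate connection attempts that obtain a slot.

    Simplified model (assumption, not a real TCP stack):
    - every pending handshake holds one of `backlog` slots
    - a legitimate client completes its handshake after 1 tick
    - a never-completed request holds its slot for `timeout` ticks
    - stateless=True keeps no per-request state until the handshake
      completes, so pending requests cannot fill the table
    """
    half_open = []                 # expiry tick of every held slot
    accepted = attempted = 0
    for now in range(ticks):
        # Release slots whose handshake completed or timed out.
        half_open = [exp for exp in half_open if exp > now]
        # Worst-case ordering: never-completed requests arrive first.
        for _ in range(bogus_per_tick):
            if not stateless and len(half_open) < backlog:
                half_open.append(now + timeout)
        for _ in range(legit_per_tick):
            attempted += 1
            if stateless:
                accepted += 1
            elif len(half_open) < backlog:
                half_open.append(now + 1)
                accepted += 1
    return accepted / attempted


def scenarios():
    """Constructed parameters: 200 ticks, 128 slots, 5 legit clients per tick."""
    base = dict(ticks=200, backlog=128, legit_per_tick=5)
    return {
        "no flood": legit_success_rate(timeout=30, bogus_per_tick=0, **base),
        "flood, timeout 30": legit_success_rate(timeout=30, bogus_per_tick=20, **base),
        "flood, timeout 3": legit_success_rate(timeout=3, bogus_per_tick=20, **base),
        "bigger flood, timeout 3": legit_success_rate(timeout=3, bogus_per_tick=100, **base),
        "bigger flood, stateless": legit_success_rate(
            timeout=3, bogus_per_tick=100, stateless=True, **base),
    }


if __name__ == "__main__":
    for name, rate in scenarios().items():
        print(f"{name:26s} legit success = {rate:.3f}")
```

Shortening the timeout only helps while the pending requests held at any moment (rate times timeout) stay below the table size; not holding state per pending request removes that limit in this model.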

    • IphtashuFitz@lemmy.world

      CDN & security companies like Akamai actually have data centers designed to intercept and “scrub” DDoS traffic. Akamai has a few dozen of them around the world. From their website:

      Prolexic is the industry pioneer in cloud-based DDoS protection. Network traffic is directed in one of two ways via a border gateway protocol route advertisement change or DNS redirection (A record or CNAME record). Available as an always-on or on demand service, Prolexic offers flexible integration models based on the needs of a customer’s desired security posture across hybrid origins. With global high-capacity scrubbing centers in 32 metro locations, Prolexic can stop attacks closer to the source to maximize performance for users and maintain network resiliency through cloud distribution. Traffic is routed via anycast through the closest scrubbing center, at which the Akamai SOCC deploys proactive and/or custom mitigation controls designed to stop attacks instantly — ensuring fast and accurate DDoS defenses. Clean traffic is then returned to the customer origin via Generic Routing Encapsulation (GRE) tunnels, Layer 2 VLAN connections, and/or VIP-to-origin back-end mapping.