DDoS

A DDoS floods a target from many sources (usually a botnet) so legitimate users can’t get through — an availability attack. The three layers each need different defenses: volumetric attacks (raw bandwidth, amplification) are absorbed by cloud scrubbing and anycast; protocol attacks (SYN floods) by stateful filtering and SYN cookies; application-layer attacks (slow, low-volume HTTP) by rate limiting and WAF rules. Over-provisioning buys headroom but isn’t a strategy on its own.