A reference on application-layer DDoS: why HTTP floods are measured in requests per second, how they diverge from L3/L4 volumetric attacks, why they are cheap to mount and hard to filter, and what actually stops them.
Traces how a request-then-RST_STREAM loop in HTTP/2 sidestepped the concurrency limit that was supposed to bound per-connection work, set DDoS records at 398 and 201 million requests per second, and forced a round of server patches.
Traces the algorithms behind server-side rate limiting as an abuse defense: fixed and sliding windows, the log-versus-counter tradeoff, token and leaky buckets, GCRA, and how Redis enforces them across a fleet.
Traces how large networks soak up terabit floods: anycast catchment that splits attack load across hundreds of sites, scrubbing-center diversion via BGP, RTBH and flowspec, and the capacity headroom that makes it pay.
Traces the SYN flood from the 1996 Panix attack and the Phrack code that armed it, through the half-open backlog mechanism it exhausts, to SYN cookies and the modern variants that still rank near the top of Layer 3/4 attack vectors.
Traces the low-bandwidth slow attacks: Slowloris, slow POST (RUDY), and slow read, how each pins a worker thread on thread-per-connection servers, why event-driven servers shrug them off, and what actually times them out.
How spoofed-source UDP queries turn open DNS resolvers into reflectors, why a 64-byte question returns a 3,000-byte answer, what happened to Spamhaus in 2013, and why BCP 38 and RRL still matter in 2026.
A primary-source history of Mirai: the 62-credential telnet worm of 2016, the record 623 Gbps hit on Krebs and the terabit OVH flood, the Dyn outage, the HackForums source leak, and the three students behind it.
Traces the February 2018 memcached reflection attack that hit GitHub at 1.35 Tbps: UDP port 11211, the 51,000x amplification claim, Akamai's ten-minute mitigation, and why disabling UDP fixed it.
Traces distributed denial of service from the 1996 Panix SYN flood and the 1999 Trinoo tools through Mafiaboy, Spamhaus, Mirai, HTTP/2 Rapid Reset, and the 31.4 Tbps records of 2025.