DDoS Attacks: the "digital traffic jams" that can paralyze a country (and why it's going to get worse)
A DoS / DDoS attack is exactly this: a traffic jam created on purpose, not to steal your data, but to stop you from reaching a service.

We're sold digital as something smooth. Instant. Always available.
The truth is that the Internet looks more like a motorway: traffic flows... until the day someone decides to block the lane.
A DoS / DDoS attack is exactly that: a traffic jam created on purpose, not to steal your data, but to stop you from reaching a service.
No ransom. No encrypted files. No dramatic message.
Just noise. Volume. Saturation. And suddenly, everyone rediscovers the obvious: if a service is "online," it can also be taken offline.
DoS vs DDoS: the difference that changes everything
A DoS attack (denial of service) is when an attacker sends so many requests to a site or an application that it eventually breaks. As if someone kept calling a switchboard over and over to keep the line busy.
A DDoS attack is the same thing... but on an industrial scale.
The "D" in DDoS stands for "distributed": instead of a single attacker, you have a crowd attacking at the same time.
And that crowd isn't made up of hackers behind their screens. It's often made up of hacked machines.

Image source: Cloudfare
Most DDoS attacks are carried out using your devices... without your knowing
The heart of modern DDoS is what's called a "botnet."
Or to put it simply: a network of zombie machines.
A home router that's never been updated.
An IP camera installed in a hurry.
A home-automation box bought "on the cheap" from a well-known e-commerce site.
A PC infected by some dodgy software.
All of these devices can be enrolled, silently, and used as soldiers. And the day the attack starts, they send traffic to the target, en masse, until they smother it.
This isn't "the future." It's already the present.
And that's what makes the subject uncomfortable: DDoS is a collective attack built out of our individual carelessness.

Why would anyone do this?
Because it's simple, profitable, and sometimes politically useful.
The most common motives:
- Blackmail: "pay up, or your site stays unreachable."
- Revenge: a competitor, a frustrated customer, a symbolic target.
- Politics / hacktivism: hitting visible services to send a message.
- Diversion: creating chaos to draw attention away while something else is happening elsewhere.
The common thread: in every case, the goal isn't subtlety. It's impact.
And the impact is you: the citizen, the customer, the user, the one who depends on the service.
A server isn't fragile, it's limited
An online service (website, application, API) runs on finite resources:
- a network capacity (how much data it can receive),
- a compute capacity (how many requests it can process),
- a logical capacity (how many connections it can handle in parallel).
As long as the requests arrive at a normal pace, everything's fine.
But a DDoS attack isn't trying to "get into" the system. It's trying to wear it down.
It's an attack by exhaustion.
What a DDoS attack really does
Contrary to what people imagine, most attacks don't consist of "sending random junk."
They send valid requests, but in far too large a quantity.
For example:
- requesting the home page,
- opening a connection and never closing it,
- simulating a user browsing "normally," but thousands of times per second.
To the server, these requests look like real users.
So it tries to respond... until it can't take any more.

Image source: Avast
The key point: the server works before it even replies
For every request it receives, a service has to:
- check where it came from,
- open a connection,
- allocate a bit of memory,
- sometimes query a database,
- prepare a response.
Even if the response never arrives, the work has already been done.
A DDoS attack exploits exactly that:
it forces the system to work... for nothing.
Why modern DDoS attacks are so hard to block
Twenty years ago, an attack often came from a single source.
Today, it comes from tens of thousands of machines, sometimes spread all over the world.
The result:
- blocking one IP address is useless,
- filtering an entire "country" isn't realistic,
- and telling a real user from a fake one becomes extremely complex.
Some attacks even use legitimate third-party services (misconfigured servers, exposed equipment) to amplify the traffic.
A single message sent by the attacker can turn into dozens of responses aimed at the victim.
It's the digital equivalent of shouting into a valley to trigger an avalanche.
Why "having big servers" isn't enough
It's a very common idea:
"We're big, we've got the infrastructure, we'll hold."
In reality, a DDoS attack doesn't always target raw bandwidth.
It often targets the weakest link:
- a forgotten API,
- an authentication service,
- a link between two systems,
- a third-party provider.
It only takes one component to fall for everything else to follow.
That's why highly structured organizations can end up on their knees for several hours, without there being any "flaw" in the classic sense.
The role of anti-DDoS protections (and their limits)
Anti-DDoS solutions aren't magic.
They rest on three principles:
- absorb the traffic (have more capacity than the attacker),
- filter whatever looks like abnormal behavior,
- delegate the cleanup to specialized infrastructures.
But even with these tools, there's always:
- a detection time,
- an adaptation time,
- a user impact.
So the real challenge isn't "avoiding every outage."
It's to reduce the duration, the impact and the surprise.
When La Poste goes down, everyone understands what a DDoS is
In late 2025, La Poste suffered an attack of this kind.
And what's interesting is less "who" claimed it than what it reveals.
A company or a service can be solid, serious, well-organized... and still get its access cut off, temporarily, simply because the attack plays on a dumb principle: a system's capacity isn't infinite.
Just before Christmas, it doesn't hit "digital."
It hits daily life: parcel tracking, admin tasks, banking services, trust.
And it's a reminder of a rule: denial of service is an attack on society.

Why it's going to get worse (and why we need to stop pretending)
Because we keep multiplying dependencies, without multiplying discipline.
- We connect everything, everywhere.
- We outsource entire services.
- We stack up tools, providers, apps.
- And we keep buying connected hardware with security that's sometimes nonexistent.
The result: the more vulnerable devices there are, the easier it is to build an army.
And the more essential our services become (public or private), the more serious the impact of an outage becomes.
DDoS isn't "spectacular."
But it's perfect for an era where everything has to work all the time.
How to protect yourself?
If you're a company / public body
- Plan for the attack before you suffer it: a critical service must have a degraded mode (even a minimal one).
- Get anti-DDoS protection: it's not a luxury, it's continuity insurance.
- Work on your communication: during a DDoS, silence does more damage than the attack.
- Test: not to tick a box, but to make sure that on the day it hits, you're not discovering your weaknesses live.
And before throwing stones at anyone, keep in mind that despite every possible protection, a company can still end up out of service after a DDoS attack.
If you're an individual
Your challenge isn't to "block an attack."
Your challenge is to avoid becoming an unwitting soldier.
- Change default passwords (cameras, router, box, home automation).
- Run the updates (yes, even the ones that get on your nerves).
- Avoid cheap connected devices: low price often means no security.
- If you don't need remote access, disable it.
Understanding DDoS means understanding our dependence
A DDoS attack steals nothing.
It encrypts nothing.
Sometimes it leaves no lasting trace.
But it puts everyone face to face with a simple truth:
what is accessible can be made inaccessible.
And the more our daily lives depend on online services, the more these attacks become weapons of impact, not hacker gadgets.
Understanding how they work doesn't mean becoming paranoid.
It means no longer being naive.
You can love digital, use it, depend on it... but we have to stop believing it works by magic.
DDoS isn't an "intelligent" attack.
It's an attack that exploits our modern world: rushed, dependent, impatient.
And that's exactly why it works.
Questions fréquentes
What's the difference between a DoS attack and a DDoS attack?
A DoS attack comes from a single source that sends too many requests to a service until it breaks. A DDoS is the same logic, but 'distributed': a crowd of machines attacks at the same time, which makes it far harder to block.
Can my computer or my connected devices take part in a DDoS attack without my knowing?
Yes. A router that's never updated, an IP camera or a cheap home-automation box can be hacked and enrolled in a botnet, then used silently as 'soldiers' to send traffic toward a target.
Why isn't having big servers enough to protect against a DDoS?
Because an attack doesn't always target raw bandwidth, but the weakest link: a forgotten API, an authentication service or a third-party provider. It only takes one component to fall for everything else to follow.
How can an individual protect themselves?
The point isn't to block an attack but to avoid becoming an unwitting soldier: change default passwords, run updates, avoid cheap connected devices and disable remote access you don't need.
Does anti-DDoS protection guarantee you'll never be cut off?
No. Anti-DDoS solutions rely on absorption, filtering and delegating the cleanup, but there's always some detection time, adaptation time and a user impact. The realistic goal is to reduce the duration, the impact and the surprise, not to avoid every outage.
Sources & méthodologie

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
