Can You Get DDoSed with a VPN: Here’s the Truth

6 min read by Bogdi

published 2 ani în urmă, updated 2 luni în urmă

While VPN’s have been in service in the business sector for decades, there has been a recent boom in commercial VPN services available to consumers. With a rise in DDoS attacks, more and more people are asking: can a VPN protect me from a DDoS attack?

It is extremely difficult for an attacker to successfully DDoS a target if they are using a VPN. There is no perfect defense against DDoS attacks, but a VPN provides excellent defense for average users.

That’s just a quick answer. The more detailed answer has to do with how DDoS attacks actually work, how VPN’s actually provide protection, and the type of VPN that is being used. We’ll cover all of that and more below.

The Nuts and Bolts of a DDoS Attack

Before we can even begin talking about how VPN’s provide protection, we first have to understand what a DDoS attack is and how it works. We won’t get super technical, but rather just give a quick overview.

DDoS stands for “Distributed Denial of Service” and is essentially a brute force attack. It works, at the simplest level, by just throwing a huge amount of traffic at the host. The immense amount of traffic overwhelms the host’s resources, causing their service to be unreachable by other users.

DDoS attacks are similar to a traffic jam
DDoS attacks are similar to a traffic jam

DDoS attacks can target any device connected to the internet, including:

  • Websites
  • Gaming servers
  • Commercial and business servers
  • Individual computers

For example, if a DDoS attack was targeted at a website, the attacker would simply use their computer (or multiple computers) to send a bunch of dummy traffic to the site. The site uses all its resources trying to process the dummy traffic, and as a consequence, legitimate traffic is unable to get through.

More advanced techniques take advantage of methods like:

  • Spoofing different types of traffic packets
  • Using “DNS Amplification” to further exhaust the host’s resources
  • Diversifying the attack by using multiple methods at once

How VPN’s Provide Protection

So, now that we have a basic understanding of how DDoS attacks work, let’s talk about how a VPN manages to help defend against them. VPN’s are pretty commonplace these days, but in case you don’t understand how they work, we’ll give a very quick and basic summary.

A VPN service acts, essentially, as a middleman which anonymizes and/or spoofs your traffic. For example, if you are using a VPN and browsing the web:

  • Your traffic first goes to the VPN service
  • They then anonymize it and route it through one of their servers
  • The website receives your traffic, then sends back its own traffic
  • The VPN again routes this through their servers and back to you

Close-up of a server from a data center
Close-up of a server from a data center

A good VPN hides all of your data, including your IP address or location.

That, in basic form, is how a VPN protects you from a DDoS attack — if they don’t have your IP address, then they can’t target you. They could potentially try and hit the VPN’s server with a DDoS attack, so that’s what we’ll talk about next.

Can a VPN Be Targeted by a DDoS attack?

Say you become the target of a DDoS attack, but you’re using a VPN. Since they can’t get to you, could they instead attack your VPN service?

Technically, they could launch a DDoS attack at your VPN provider, but an attack of that scale requires a huge amount of resources and has a high probability of failure, so it’s very rare. That amount of effort isn’t something a random person online is going to do; you would have to be an extremely high-value target to make it worthwhile.

If they don’t realize you are using a VPN and launch an attack anyway, there will be minimal consequence to you, if any. The most likely outcome is that they’ll just get frustrated and give up because of the VPN’s defenses, which we’ll discuss below.

VPN’s Screen Traffic

Any good VPN has a multilayered defense against DDoS attacks, since they come in many forms. The first, and perhaps most basic, of them is screening the traffic that comes in.

For example, as a knowledgeable user on /r/VPN points out:

“They can set their firewall easily to drop packets that are not part of connections initiated from inside; that will stop DDoS attacks in their tracks.”

A solution as simple as that can seriously cripple basic attacks on a VPN’s service. Other techniques include:

  • Routing illegitimate traffic into a “black hole”, a dead end that drops the traffic
  • Diffusing extra traffic into other servers — think of it like opening extra doors for customers if the first door is clogged up
  • Limiting the number of requests that the server will even process in a given timeframe (Though experts say this is not sufficient alone to handle a good DDoS attack)

Defense Through Architecture

Another method that VPN and other network servers use to mitigate DDoS attacks is simply to organize the servers in such a way that DDoS attacks are impossible, or at least extremely difficult, to even attempt.

If the first methods we discussed are like installing multiple security systems on your house, then the architectural defense is like removing the front door entirely.

A wall without a door
A wall without a door

There are a few ways to accomplish this, but the easiest way is just to not have any ports open on the server which their users’ traffic is coming from. If there is no entry point, they can’t exactly cram the doorway.

All of these defenses make commercial VPN services nearly untouchable for the small-scale DDoS attacks which you are most likely to come across. Sure, a determined attacker with a ton of resources could theoretically DDoS an entire section of a VPN service just to knock you offline — but you’re very, very unlikely to ever have that happen specifically to you.

Use Extra Caution, Even with a VPN

Even with a VPN, you need to keep in mind good security practices while doing anything online. Remember that a VPN only protects you by hiding your IP address from potential attackers. If an attacker gets a hold of your IP through other means, then your VPN can’t protect you any longer, since they can now target you directly.

How could they still get a hold of your VPN? Well, there are a few methods to watch out for:

  • Your VPN service could be selling your data
  • Your VPN service could just be poorly set up, allowing potential attackers to see your IP unintentionally
  • You could be sent a link to a website that logs your IP, even if you are using a VPN (though web browsers like Chrome are getting better and better at blocking all types of these attacks)
  • You could be sent malware in the form of a game, video file, or otherwise (you could even download malware when connecting to a game server)
  • They could use social engineering to convince the VPN itself to release your records which detail your IP and other personal details

As you can see, a VPN alone won’t protect you. Granted, some of those methods are very difficult and carry serious legal risk, but they are still potential avenues for a dedicated attacker to get to you. You still need to be alert and aware. Using common-sense practices, like not opening files from sources you don’t trust, is still essential.

What Does This Mean for Me?

That’s a lot of information all at once. Here’s a summary of the key points and what this means in practical terms for you:

  • Commercial VPN’s provide great protection against nearly all DDoS attacks
  • Make sure you go with a well-rated and successful VPN provider
  • Don’t open any files from untrusted sources
  • Don’t connect to untrusted game or file servers
  • Understand that no VPN is “bulletproof”, but they still provide plenty of protection for normal users

With that in mind, find yourself a great VPN service and enjoy knowing that you are well protected from DDoS attacks!

Share this with your friends


Related Articles

Here are some articles you might be interested in:

12 Characters Passwords - Examples and Recommendations

4 luni în urmă by Bogdi - 4 min read

12 Characters Passwords are, as the name suggests, passwords composed of 12 characters. These characters can be anything from letters, numbers, and symbols to spaces, letters with diacritics (é, â, ï, etc.), emojis, and so on. In this article, I will show you examples of different types of 12 character passwords, as well as ways to create your own fresh and unique passwords. Examples of Randomly Generated 12 Characters Passwords Randomly generated passwords are passwords that have been created


Do Password Managers Track My Information?

2 ani în urmă by Bogdi - 6 min read

Password overload: it’s unavoidable in this day and age. With so much business conducted online, everything, from buying groceries to subscribing to a new television streaming service, requires a username and password to access. As the sheer volume of passwords is not possible to remember anymore, it can be helpful to use a password manager. Password managers, in addition to keeping track of your…


5 Steps To Deleting Your Child’s Snapchat Account

un an în urmă by Bogdi - 6 min read

Snapchat is one of the most popular social media apps for kids and teens these days. While it can be a great tool to use, it is also easy for your child to act inappropriately on this site with their friends, so it’s good to know how to delete your child’s Snapchat account in case you need to. Let’s take a closer look at some of the steps parents can take to help shut down a snapchat account and why it is important to discuss online safety with your children before they ever use this account.


What questions do you have?

I make sure to answer them as soon as possible!

This website contains affiliate links. This website uses cookies to enhance the user experience. Check the Privacy policy for more details.
  • Copyright © 2020 YOU are safe online.
  • All Rights Reserved.