Reputable VPNs protect users against DDoS attacks by assigning a different IP that the attacker sees. Thus, the VPN puts its system on the line, fending off the attack instead of the hacker attacking the VPN user.
However, VPNs may not always be effective against DDoS attacks, depending on the attack, how it’s carried out, and what servers it affects.
So, continue reading to learn why a VPN works, where a VPN is limited, and other essential tips to protect yourself against DDoS attacks.
What Is a DDoS Attack?
Short for Distributed Denial of Service, DDoS attacks disrupt access to a service, platform, web server, or other network resources.
The service denial may be targeted at a single user or a broad range of users within the same subnet.
DDoS attacks usually take over several prior-infected computers to form botnets, an army of computers sending bot-like traffic to the server, website, or other online platform targeted in the attack.
How Does a DDoS Attack Work?
Here’s an oversimplification of how a hacker would carry out a DDoS attack:
- Identify the IP address (or IP addresses for a large attack) of the intended victim.
- Send a botnet (army of bots) to the IP address.
- Overwhelm the server on which the IP address is hosted.
That way, the user can’t use the general internet, network, or specific online services such as gaming platforms, websites, etc.
If that’s a little technical, I made up an explanation for DDoS attacks in layman’s terms below.
Suppose there’s a doorway (network resource, e.g., server) that can only let five legitimate people (users) into a room (online service, such as gaming platforms) at once.
But, to prevent the people from accessing that room or to slight the room’s owners, hackers send many illegitimate people (bots) who don’t need the room.
So, about 1000 bots try to enter the room, even though the doorway can’t take more than five people. At the same time, the legitimate users are stuck behind the bots.
Thus, the users are denied that service, while the platform’s admins are also denied their users.
Types of DDoS Attacks
DDoS attacks may end with disrupting access to a service, but they’re not all carried out the same way.
That said, learn the various DDoS attack types based on how they’re carried out in the table below.
|DDoS Attack Type
|Overwhelms the attacked server with too many requests, making it unavailable to users and owners
|Protocol/Network layer attacks
|Uses up server resources, such as bandwidth, firewall allocation, or load balancer, so the network can’t handle new legitimate requests (hence, it goes offline)
|Overloads servers so they can’t generate webpages anymore and crash under the load
Who Launches a DDoS Attack?
DDoS attacks can be launched by fellow gamer-hackers, unintending hackers with a grudge, and cybercriminals looking to extort companies.
While most people aren’t at risk of a direct DDoS attack, prolific online gamers and streamers are often targeted by peers for DDoS attacks.
Such gaming DDoS attacks can give a cheating gamer the win when they force you offline, and the system records that as a forfeit. In Mobile Legends, for example, DDoS attacks could prevent an entire team from coming online to play a Ranked game.
Likewise, hackers sometimes target small, medium, and large-scale businesses with DDoS attacks to extort them.
When a business’s servers go down, it can’t communicate with consumers/suppliers, monitor its sales, accept credit card payments, and more. So, it may be forced to settle with the hackers lest it keeps hemorrhaging money by the minute.
However, it’s not every time a DDoS attack holds a practical reason for the hacker.
In gaming and some online communities, it’s not uncommon to see hackers threaten other community members with a DDoS attack for simply “disrespecting” them.
Overall, DDoS attacks aren’t launched against big brands and corporations alone. They can also be used to attack everyday online users like yourself and SMEs.
So, continue reading to find out how a VPN service protects you and other ways to stay secure against DDoS attacks.
How Can a VPN Protect You Against DDoS Attacks?
Virtual Private Networks (VPNs) assign you a new IP address different from your actual IP address, preventing the hacker from DDoS-ing you directly.
When the hacker does launch a DDoS attack against you, they’ll have to overcome the VPN’s security.
In the headings below, I’ve compressed the various ways a VPN protects you against DDoS attacks.
Your VPN connects your device and the internet with a new IP address that web servers see. Otherwise, anyone with enough knowledge of networks can find your actual IP address. This is usually the first step to a DDoS attack.
Now, whenever the hacker sends their botnet to attack your IP address, the botnet goes to the VPN provider’s servers instead.
Given how much reliable VPN providers spend on upgrading their server security, the hacker will most likely be disappointed with a failed attempt.
Data Encryption Protocols
Changing your IP address isn’t enough. This is where data encryption comes in.
Without a VPN, your internet data travels like
Internet Data > Online platform
Once you’re connected to a VPN, the order changes to
Internet data > VPN tunnel > Online platform
In other words, the online platform (or its users) can’t see or mess with your internet data. Once the VPN tunnels it, you’re the only one who can see your internet activity.
However, the VPN must have robust data encryption protocols.
Otherwise, hackers will bypass it, get to your online data, identify your IP address, and DDoS you still.
VPNs allow you to switch servers, so hackers never have a lock on you.
In any case, where these hackers may be causing disruptions to your service on one server, change to another, and you’re good to go.
When Won't a VPN Protect You Against DDoS Attacks?
Your VPN is limited in protecting you against DDoS attacks in the following scenarios:
- The hacker knows your computer’s IP address already. So, even if you mask your IP with a VPN, they have the actual IP and can direct their botnet there.
- Your VPN uses poor encryption. As explained earlier, poor encryption slows the hacker a bit, but not enough that they don’t finally find your IP address and attack you.
- The DDoS attack is already in progress. A VPN is a preventive measure for DDoS attacks, not a cure. So, connecting to a VPN AFTER the attack starts may not work.
- The attack is present on the servers. If an online gaming platform, website, or other servers are being DDoS attacked, you won’t get access with a VPN. They’re under attack, not you, so they’ll stay offline till they fix the issue.
To take advantage of a VPN’s protection in the instances where it does work, continue below for the criteria to choose a reliable VPN.
Spoiler: My top recommendation is Surfshark.
How to Choose a Secure VPN Against DDoS Attacks?
Not all VPNs offer robust security and privacy protocols to beat a DDoS attack. Check for the following when choosing a VPN to protect your servers online:
- Strong encryption. Your choice VPN should use military-grade AES 256-bit encryption. The technology to crack this encryption isn’t here yet, so there’s no worry of your data getting into the hacker’s hands.
- Kill switch. A kill switch prevents your device from transmitting data (including your actual IP address) whenever your device loses connection to the VPN server. Otherwise, small gaps are enough for the hacker to record your valid IP before reconnecting to the VPN server.
- In-built DDoS protection. Some VPN providers (like PureVPN) offer DDoS protection as a paid add-on. Choose VPNs that have the feature built into all servers and enabled by default on all protocols.
- Split tunneling (Optional). A nice-to-have feature if you only want to protect some apps (such as gaming apps) with the VPN while other apps use your normal connection. However, I recommend using the VPN to protect ALL your online services if it’s not interfering.
Considering the main criteria above, I reviewed a few VPN providers and chose the top 3 for DDoS protection.
Find them below.
My Top 3 VPNs Against DDoS Attacks
I tested and reviewed 15+ VPNs for DDoS protection.
Here are the three that excelled in all categories and what makes them suitable against DDoS attacks.
Surfshark – Protect Unlimited Devices Against DDoS Attacks
Besides in-built DDoS protection on all servers, Surfshark wards off DDoS attacks with a combination of its reliable kill switch, industry-standard encryption on all servers, and IP/DNS/WebRTC leak protection.
In summary, Surfshark is the most impressive VPN for DDoS protection by offering:
- Rotating IPs. You can connect to a single server location while Surfshark automatically rotates your IP address within that server location.
- Kill switch. A physical kill switch is present in the PC and Android apps while it’s built into the iOS app.
- Reliable encryption. You get 256-bit encryption as a standard across all Surfshark’s servers on any protocol.
- Split tunneling. You can set up the VPN to work with some critical apps and programs while other apps/programs don’t have to go through the VPN.
- Unlimited device support. With simultaneous device connections, protect all of your mobile (iOS and Android), PC (Mac, Windows, and Linus), and router-connected devices against DDoS attacks.
Fortunately, Surfshark is highly affordable for all it offers.
Plus, you can grab this Surfshark discount to save more and enjoy a 30-day money-back guarantee.
NordVPN – Two Kill Switches for DDoS Protection
NordVPN’s systems are robust against DDoS attacks. Its in-built DDoS protection enabled by default whenever you connect to any server is helped by meshnet protection, double kill switches, and robust encryption to match.
Overall, here’s what it offers to make that possible:
- Meshnet protection. Encrypt all devices over a meshnet connection, so hackers never take any as the weak link to DDoS your network systems.
- Internet kill switch. Kills all internet transfers and transmissions when the VPN connection drops.
- App kill switch. Just like the internet kill switch but can be configured for critical apps and programs that must be protected at all costs (like your favorite videogame).
- Split tunneling. Protect yourself on sensitive platforms while leaving other apps (such as banking apps) free to surf without passing through your VPN.
- Reliable encryption. Also features 256-bit encryption and an in-house NordLynx protocol to maximize connection speed and security.
NordVPN is affordable and offers six simultaneous DDoS-protected connections across your PC, mobile, router, and some smart TVs.
Also, enjoy these NordVPN discounts to save more on your subscription.
ExpressVPN – Obfuscated Traffic to Throw DDoS Hackers Off
ExpressVPN is vocal about warding off DDoS attacks for gamers, offering robust encryption, its security-focused in-house protocol, and an exclusive kill switch technology on top of basic DDoS protection on all servers.
Check what the VPN provider offers to protect gamers and non-gamers against DDoS attacks:
- Robust encryption. The reliable 256-bit encryption combines with an exclusive Lightway protocol for a balance of speed and security.
- Obfuscated servers. Obfuscation on all servers means your hacker won’t even know you’re using a VPN. Thus, they don’t change their attack approach and still think they’re seeing your actual IP.
- Network Lock. ExpressVPN designed an in-house kill switch called Network Lock to prevent IP/DNS/WebRTC data leaks to hackers.
- Split tunneling. Configure ExpressVPN to protect at-risk apps and platforms while your other apps don’t have to pass through the VPN.
However, ExpressVPN is one of the pricier VPN options.
Fortunately, there are HUGE discounts you can grab today.
How to Tell if I’m Being DDoS Attacked?
There are various signs of a DDoS attack. Some of the general telltale signs are
- Single website down. If you can’t access a website, the website’s hosting server might be bombarded by many bot requests. This will cause the server to crash under the load.
- Slow response. Following the doorway-bots-people example above, a slow response shows that the server handles requests at/close to its critical level.
- Internet access loss. A severe DDoS attack can affect your entire internet access.
- All websites down. It’s almost impossible for all websites to be down simultaneously. In this case, your computer’s servers are being DDoS-ed, not the websites’.
Note that a DDoS attack shares symptoms with other internet-related problems.
For example, a website can be overwhelmed by legitimate traffic, causing a slow or no response. In that case, upgrading the server capacity is the solution.
Likewise, you might lose internet access due to bad weather, internal ISP problems, and other causes.
Don’t Confuse DoS Attacks for DDoS
Denial of Service (DoS) attacks are often confused for DDoS attacks, but they’re not the same.
DoS attacks are system-on-system attacks originating from a single source.
In contrast, DDoS attacks take advantage of an extensive network of computers to attack a single target. This makes DDoS attacks more severe, even though DoS attacks can also be inconvenient.
Check the comparison table below for a comprehensive overview of how these attacks differ.
|Low to medium
|Network-layer and Application-layer attacks
|Volume-based, Application-layer and protocol attacks
|Easier (single attack repulsion)
|Tougher (multiple computer attacks from various locations)
|Easier (single IP)
|Tougher (botnet in different remote locations)
|Internet slowdowns, loss of internet access for a few hours
|Loss of server access, complete internet access shutdown
Fortunately, a VPN can protect you against a DoS attack like it does the more serious DDoS attacks.
What to Do When Under a DDoS Attack?
Earlier, I mentioned that a VPN won’t protect you from an attack already underway or when the hacker already knows your IP address. However, that doesn’t mean you can’t do anything against the attack.
Here’s a playbook to follow (in no particular order):
- Reboot your router: This only works if your router assigns dynamic IPs ( static IPs). Leave it off for a few minutes, and you’ll get a new IP address (which the hacker doesn’t know) when the router returns online.
- Call your ISP: Let your internet service provider (ISP) know you’re being DDoS-ed. They’ll have systems and protocols against these kinds of attacks. In the meantime, they could assign you a new IP address too.
- Inform the network admin: If you’re on a school or work network, let the network admin/IT guys know you’re being DDoS-ed. That could help prevent the spread of the attack in time.
- Change your IP address: If you know how to manually change your computer’s IP address, do so to divert the botnets to your old IP while you have a new, non-attacked IP.
- Contact law enforcement: If the DDoS attacks sensitive data, disrupts critical services, or it’s been going on for a while, you can fill out a form with agencies like the FBI to look into the issue.
Never try to attack the hacker back, as you’ll also be breaking the law.
Also, that may just expose you to more revenge attacks.
Frequently Asked Questions
DDoS attacks are illegal in countries like the USA and the UK, where punishment could range from fines to prison time. This is why the US has a particular part of the FBI set up to tackle such crimes and prosecute perpetrators.
However, DDoS attacks haven’t been written into law in most countries, so you won’t have the backing of the law if you fall victim.
Thus, check with your local laws to see what’s said about DDoS attacks.
A reliable VPN offers robust security protocols that’ll stop DDoS bots and prevent them from reaching the user they’re intended for.
At worst, the bots might take down a single server for a few hours or a day.
Fortunately, VPN providers often provide multiple servers in a single location so users won’t be affected by such occurrences.
DDoS-ing a free or unreliable VPN may cause the attack to go through, bringing down the VPN provider and even affecting users on that server.
However, reputable VPNs like Surfshark, NordVPN, and ExpressVPN use best-in-class security systems to contain botnets to one server.
Thus, the server can be shut down or flushed of the attack before returning to circulation.
Overall, the attack never reaches the user as the VPN provider handles it on its end.
NordVPN offers DDoS protection and AES 256-bit encryption security on all 5400+ servers to protect users from botnet and DDoS attacks.
The server count also makes it possible to connect to a new server once one is attacked and NordVPN starts dealing with it.
Finally, NordVPN’s kill switch makes it impossible for hackers to find your actual IP address if you ever lose connection to its remote server.
Surfshark is excellent for VPN DDoS protection, offering it and 256-bit encryption on all servers, along with a kill switch to prevent IP/DNS leaks to hackers waiting to DDoS you.
Likewise, its novel Rotating IPs keep you connected to a single virtual location without staying on one IP for too long. Thus, hackers always struggle to keep on top of your VPN-assigned IP address.
At the same time, Surfshark continues to deflect the DDoS botnet away from your computer.
You can prevent a DDoS attack by always staying connected to reliable VPNs with in-built DDoS protection like ExpressVPN, NordVPN, and Surfshark.
That way, your real IP address is never leaked, and a hacker can’t DDoS you remotely.
However, a hacker with physical access to your computer can still find your real IP address and send you a DDoS attack.
Most free VPNs lack great encryption against IP leaks, making it possible for hackers to find your actual IP address and DDoS you. Likewise, free VPN providers have no DDoS protection since they mostly work like proxy servers.
Thus, leaving you vulnerable to a botnet if it’s ever directed your way.
Protect Yourself Against DDoS Attacks Today
Now that you know how a VPN can and can’t protect you against a DDoS attack, you also understand how to keep from falling victim to such attacks.
Remember that you’re only responsible for your computer/network, and there’s nothing you can do if you can’t access an external platform being DDoS-ed.
Likewise, don’t forget to grab Surfshark’s limited-time offers to enjoy a 30-day risk-free DDoS protection trial on unlimited devices with a money-back guarantee to match.