Imagine you are the owner of a cake stall. You can easily handle a few customers at a time. However, if a huge crowd suddenly arrives, you'll be overwhelmed with requests. After a couple of minutes of mayhem where you try your best to serve everyone, you can't take it anymore, stop serving and break down!
A similar thing can happen to servers. When the server is continually and repeatedly hit up for resource requests from a single IP address, it's known as a Denial Of Service (or DOS) attack. It also happens when multiple IP devices do it and this is called a Distributed Denial Of Service or DDOS.
Basically, by repeatedly requesting the server resources (for example, by trying to load a website 5,000 times in a minute), the abusive machine(s) that are identified by either a single IP address, or multiple IP addresses, overwhelm the server. When the server becomes overwhelmed it can no longer manage to serve legitimate resource requests and locks up, freezes or worse shuts down.
Sometimes, these DOS or DDOS attacks can happen in error or can be as a result of a fault. However, in some cases these attacks can happen by malicious persons hoping to either crash the server to bring it offline, or to be able to reduce the ability of the server to defend itself whilst it's overwhelmed, thereby allowing the attacker to gain access to otherwise secure data.
There are many ways to help mitigate and stop these kinds of attacks however there is no single magic solution. Instead, it is a balancing act trying to prevent abusive traffic along with identifying and allowing legitimate traffic through the defences.
We employ multiple strategies, however none are perfect and even the best defences can be inadequate - as you'll read from various news sources even the big players who have enormous budgets, still experience issues from time-to-time.
If you sometimes experience a long load time, lag, or general latency, it can be a sign that our systems are busy working on a DOS or DDOS attack.