Abstract: A Distributed Denial of Service (DDoS) attack aims to deprive legitimate users of a resource or service provided by a system, by overloading the system with a flood of data packets, thus preventing it from processing legitimate requests. This article analyzes the doctrines governing the allocation of liability among key players in a DDoS attack. The doctrines are well established and based on common law tort principles and policy considerations. The main contribution of the article is the adaptation of these principles to the novel technological environment in which DDoS attacks occur. The analysis shows that detailed understanding of the technologies and analysis of their role in DDoS attacks are essential to effective judicial decisionmaking.