GitHub hit with largest ever DDoS attack


GitHub survived the most powerful distributed denial of service attack in history, with the DDoS attack flooding the software development website with internet traffic that reached a peak of 1.35 TB per second.

Fortunately for GitHub, which emerged from the attack relatively unscathed, the company was able to seek help from Akamai within 10 minutes of the attack. The UDP server, not knowing the request is forged, politely prepares the response.

We started seeing a number of DDoS attacks using this method in the last few days. They predicted seeing denial of service attacks measuring up to 2 terabits per second.


Although the attack can be easily detected by setting a rule on UDP traffic coming from source port 11211, it cannot be mitigated without a dedicated DDoS mitigation solution, because the massive amounts of PPS and BPS delivered in such an attack are likely to make edge routing devices unavailable before traffic arrives at the server, regardless of its configuration. However, what makes the recent attack more significant and severe is not the length of time the site was affected, but the sheer volume of data that was sent that caused the shutdown.
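The source-port rule described above, sketched as an added example (not code from GitHub, Akamai or the article): it flags per-second bursts of UDP traffic from source port 11211 aimed at a single destination. The flow-record format, the sample records and both thresholds are constructed assumptions.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # source port named in the article's detection rule

# Constructed sample flow records (documentation IP ranges, not a real capture).
# Assumed format: epoch_second proto src_ip src_port dst_ip dst_port packets bytes
SAMPLE_FLOWS = """\
1000 udp 198.51.100.10 11211 203.0.113.5 40001 900 1260000
1000 udp 198.51.100.11 11211 203.0.113.5 40002 800 1120000
1000 udp 198.51.100.12 11211 203.0.113.5 40003 850 1190000
1000 tcp 198.51.100.10 11211 203.0.113.9 51000 12 9000
1000 udp 192.0.2.53 53 203.0.113.5 33000 4 480
1001 udp 198.51.100.10 11211 203.0.113.7 40100 3 4200
"""


def parse_flows(text):
    """Yield typed tuples from flow lines, skipping blank or malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8:
            continue
        ts, proto, src, sport, dst, dport, pkts, nbytes = parts
        try:
            yield (int(ts), proto.lower(), src, int(sport),
                   dst, int(dport), int(pkts), int(nbytes))
        except ValueError:
            continue  # non-numeric field: treat the line as malformed


def detect_memcached_reflection(text, min_reflectors=3, min_bps=1_000_000):
    """Return {(second, dst_ip): stats} where UDP/11211 traffic exceeds thresholds.

    Both thresholds are illustrative assumptions; tune them to the link.
    """
    buckets = defaultdict(lambda: {"srcs": set(), "packets": 0, "bytes": 0})
    for ts, proto, src, sport, dst, _dport, pkts, nbytes in parse_flows(text):
        if proto == "udp" and sport == MEMCACHED_PORT:  # the rule itself
            bucket = buckets[(ts, dst)]
            bucket["srcs"].add(src)
            bucket["packets"] += pkts
            bucket["bytes"] += nbytes
    alerts = {}
    for key, bucket in buckets.items():
        bps = bucket["bytes"] * 8  # one-second buckets, so bytes*8 is bits/s
        if len(bucket["srcs"]) >= min_reflectors and bps >= min_bps:
            alerts[key] = {"reflectors": len(bucket["srcs"]),
                           "pps": bucket["packets"], "bps": bps}
    return alerts


if __name__ == "__main__":
    for (ts, dst), stats in detect_memcached_reflection(SAMPLE_FLOWS).items():
        print(ts, dst, stats)
```

Requiring several distinct sources per destination keeps a single legitimate memcached reply, such as the lone flow at second 1001, from raising an alert.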


Memcached servers are database caching systems that are used to speed up networks and websites.

"At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai", GitHub revealed. "For many other services, I would qualify that statement: 'without access control'." The most obvious thing that should be done is for organizations to not expose their memcached services to the public internet. This procedure involves hackers spoofing the victim's IP address and repeatedly sending UDP requests to memcached servers. This would result in memcached systems returning data about 50 times larger than the request back to the target.

The tactic is known as an "amplification attack".

Similar to most reflection and amplification attacks before it, the primary solution to memcached attacks is to not have the reflectors exposed to the Internet. "Their sheer volume can have a negative impact on the ability of networks to handle customer internet traffic". It's significantly larger than the size of the 2016 Mirai botnet attacks that brought down a host of the internet's biggest websites through an attack on Dyn that rippled out to other sites dependent on the company's infrastructure and DNS services.

"It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second", the developer platform added. Many defence firms have also developed, or are working on, filters that immediately block suspicious levels of memcached traffic. The attacker had not used any kind of botnet, but had used a memcached server vulnerability to perform this DDoS attack.
