GitHub suffers largest DDoS attack ever recorded

GitHub suffers largest DDoS attack ever recorded

The first portion of the attack against the developer platform peaked at 1.35Tbps, and there was a second 400Gbps spike later.

According to Akami VP of web security Josh Shaul, it was able to protect GitHub from the 1.35 TB DDoS attack because the security company designed its capacity to withstand attacks that are up to five times more powerful than the strongest one that was previously recorded.

This barrage peaked at 1.2 Tbps and triggered connectivity issues across the USA as Dyn fought to get the situation under control.

On Wednesday, the code distribution and version control service website GitHub survived a massive DDos attack.

Github said that at no point "was the confidentiality or integrity of your data at risk".

"Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators", Roland Dobbins, a principal engineer at Arbor Networks, was quoted as saying.

GitHub said that the attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. "It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second", GitHub said.

DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. They are not supposed to be exposed to the public online. However, there are now more than 50,000 known vulnerable systems, according to Akamai.

More news: Police probe Netanyahu in corruption case ahead of DC visit
More news: US Gunmaker Vista Outdoor Inc Products Dropped By Canadian Store
More news: Karti's interrogation will eventually lead to P Chidambaram's prosecution: Swamy

"15 bytes of request can trigger a 134KB of response sent to the unfortunate target".

The attack, dubbed "Memcrashed", exploits the popular memcached utility, which caches data in server memory and is used to minimize the frequency with which databases, APIs or other data objects are accessed.

A blog by Akamai claimed that memcached is a protocol allowing a server to be queried for information about key value stores and is only meant to be used on systems that are not exposed to the internet, as no authentication is required. They spoofed the platform's IP address and sent small queries to multiple memcached servers, which sent the data back to GitHub - amplified 50 times.

In practice, this method can magnify an attack by a factor of more than 51,000.

"Between 17:21 and 17:30 UTC on February 28, we identified and mitigated a significant volumetric DDoS attack", GitHub said in a blog, which was posted after the attack was mitigated.

GitHub also stated that even still, attacks like this sometimes require the help of partners with larger transit networks to provide blocking and filtering.

"We're investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery".

"Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long", Akamai warned in its report on the incident.

Related Articles

  • Man sentenced to 300 years in prison released on technicality

    Man sentenced to 300 years in prison released on technicality

    The Mesa County DA did appeal the courts' decision to overturn his conviction, but the Colorado Supreme Court refused to hear it. However, on his third continuance, McFadden made a decision to assert his speedy trial rights.
    Man nabbed over deadly house fire in Northern Ireland

    Man nabbed over deadly house fire in Northern Ireland

    Three people killed in a house fire thought to have been started deliberately are believed to be from Doncaster. . Police tape sealed off the entrance to Molly Road , a rural lane just off the Doon Road scenic route.
    Reportedly Killed In Shooting At Central Michigan University Dorm; Suspect At Large

    Reportedly Killed In Shooting At Central Michigan University Dorm; Suspect At Large

    The university says suspect is still at large. "If you see something suspicious, call 911", the university added. Two people have been shot dead at Central Michigan University in the U.S. , according to the institution.
  • Complaint filed against Kerala magazine, model over breastfeeding cover pic

    Complaint filed against Kerala magazine, model over breastfeeding cover pic

    The Mother's Absoulte Affection (MMA) UNICEF breastfeeding program was launched in 2016 to help promote breastfeeding in India. Users have criticised the magazine for trying to titillate audiences by presenting the model in such an "exposed manner".
    Gunfire near French embassy in Burkina Faso capital

    Gunfire near French embassy in Burkina Faso capital

    In Paris, President Emmanuel Macron's office said the French leader was "being informed in real time" of the situation. An attack by gunmen past year on a restaurant in Ouagadougou left at least 18 people dead, including two attackers.
    IU set to open Big Ten Tournament against Rutgers

    IU set to open Big Ten Tournament against Rutgers

    But offensively IN never could push ahead of Rutgers, and Miller credited Rutgers and blamed himself a bit for that. Minnesota hasn't had an awesome season, but they have played pretty well against the bottom half of the Big 10.
  • Go inside the classroom where the armed Dalton teacher was barricaded

    Go inside the classroom where the armed Dalton teacher was barricaded

    Dalton High School confirmed that no children were in the classroom when the gun went off, according to Fox News . Davidson shot at an external window and did not appear to intend to hurt anyone, authorities noted .
    Huawei P20 Lite may have been outed by Vodafone Spain

    Huawei P20 Lite may have been outed by Vodafone Spain

    The Huawei P20 Lite is expected to run on Android 8.0 Oreo out of the box with the company's very own EMUI 8.0 on top. The specs disclosed by the carrier are not surprising at all, in fact, they confirm the leaks that surfaced recently.
    Red Weather Warning For Midlands

    Red Weather Warning For Midlands

    Two weather warnings have been issued for Galway, however the red warnings are confined to Munster and Leinster . Shops, government offices and various other services also shut entirely today or closed early.
  • Instagram's code reveals potential voice and video calling features

    Instagram's code reveals potential voice and video calling features

    It appears that the code for voice and video calling is embedded into the code of the Android Application Packages for Instagram . If Instagram does decide to add audio and video calling to its app, it could become a far more appealing chat app than Snapchat.
    Senate Intel Says House Panel Leaked Private Russia Texts

    Senate Intel Says House Panel Leaked Private Russia Texts

    Waldman independently concluded that the House committee had probably shared the document and sent a letter to Mr. Mark Warner of Virginia, were so angered by a media leak that they discussed the issue with House Speaker Paul D.
    Snow-covered Britain braced for new threat as Storm Emma nears

    Snow-covered Britain braced for new threat as Storm Emma nears

    Extremely heavy snow is possible with some forecasts indicating there could be falls of 50cms on high ground in rural aeras. With the whole of the United Kingdom suffering heavy snow, military assistance was drafted in to help the NHS.