GitHub suffers largest DDoS attack ever recorded

The first portion of the attack against the developer platform peaked at 1.35Tbps, and there was a second 400Gbps spike later.

According to Akamai VP of web security Josh Shaul, the company was able to protect GitHub from the 1.35 TB DDoS attack because it designed its capacity to withstand attacks up to five times more powerful than the strongest one previously recorded.

That earlier barrage peaked at 1.2 Tbps and triggered connectivity issues across the USA as Dyn fought to get the situation under control.

On Wednesday, the code distribution and version control service website GitHub survived a massive DDoS attack.

GitHub said that at no point "was the confidentiality or integrity of your data at risk".

"Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators", Roland Dobbins, a principal engineer at Arbor Networks, was quoted as saying.

GitHub said that the attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. "It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second", GitHub said.

DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. Memcached servers are not supposed to be exposed to the public internet. However, there are now more than 50,000 known vulnerable systems, according to Akamai.

"15 bytes of request can trigger a 134KB of response sent to the unfortunate target".

The attack, dubbed "Memcrashed", exploits the popular memcached utility, which caches data in server memory and is used to minimize the frequency with which databases, APIs or other data objects are accessed.

An Akamai blog post said that memcached is a protocol allowing a server to be queried for information about key-value stores and is only meant to be used on systems that are not exposed to the internet, as no authentication is required. The attackers spoofed the platform's IP address and sent small queries to multiple memcached servers, which sent the data back to GitHub - amplified 50 times.

In practice, this method can magnify an attack by a factor of more than 51,000.
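A defender-side illustration of the reflection pattern described above, added here and not taken from GitHub's or Akamai's write-ups: it scans flow records for replies from many memcached servers converging on one destination. The UDP transport, port 11211 (memcached's default), the CSV layout, the sample records and the thresholds are assumptions of this example.

```python
import csv
import io
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption: servers run on the default)

# Constructed sample flow records using documentation address ranges, not real traffic.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
198.51.100.10,11211,203.0.113.5,40112,udp,900,1260000
198.51.100.77,11211,203.0.113.5,51873,udp,850,1190000
192.0.2.44,11211,203.0.113.5,33001,udp,1000,1400000
192.0.2.45,53,203.0.113.5,41000,udp,4,512
192.0.2.90,443,203.0.113.9,52000,tcp,120,150000
198.51.100.10,11211,203.0.113.9,40500,udp,2,120
"""

def detect_memcached_reflection(flow_csv, min_sources=3, min_bytes=1_000_000):
    """Return {dst_ip: summary} for hosts receiving reflected memcached replies.

    A reply flow is UDP with source port 11211. A likely victim is a destination
    that receives such replies from many distinct servers and in large volume.
    Both thresholds are illustrative assumptions; tune them to the network.
    """
    per_dst = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["src_port"]) != MEMCACHED_PORT:
            continue  # not a memcached UDP reply
        entry = per_dst[row["dst_ip"]]
        entry["sources"].add(row["src_ip"])
        entry["bytes"] += int(row["bytes"])
        entry["packets"] += int(row["packets"])
    alerts = {}
    for dst, e in per_dst.items():
        if len(e["sources"]) >= min_sources and e["bytes"] >= min_bytes:
            alerts[dst] = {
                "sources": len(e["sources"]),
                "bytes": e["bytes"],
                "avg_packet_size": e["bytes"] // e["packets"],
            }
    return alerts

if __name__ == "__main__":
    for dst, summary in detect_memcached_reflection(SAMPLE_FLOWS).items():
        print(dst, summary)
```

A single low-volume flow from port 11211, like the one to 203.0.113.9 in the sample, stays below both thresholds and is not reported.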

"Between 17:21 and 17:30 UTC on February 28, we identified and mitigated a significant volumetric DDoS attack", GitHub said in a blog, which was posted after the attack was mitigated.

GitHub also stated that, even so, attacks like this sometimes require the help of partners with larger transit networks to provide blocking and filtering.

"We're investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery".

"Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long", Akamai warned in its report on the incident.
