Biggest DDoS attack in history hits GitHub
GitHub has been hit by the biggest Distributed Denial of Service (DDoS) attack in history, peaking at 1.35Tbps.
The attack hit GitHub’s services on 28 February: the site was unavailable for 5 minutes, and then intermittently unavailable for 4 minutes.
Cloudflare described the attack vector, amplification using memcached over UDP, in the blog post “Memcrashed – Major amplification attacks from UDP port 11211”.
The attack works by abusing memcached instances that are inadvertently accessible on the public Internet with UDP support enabled.
Because the source IP address of a request can be spoofed, memcached responses can be directed at another address, like the ones used to serve GitHub, and they send more data to the target than the attacker had to send in the spoofed request.
The misconfiguration-based vulnerability described in the post is unique among that class of attacks, because the amplification factor is up to 51,000.
This means that for each byte sent by the attacker, up to 51KB is sent toward the target.
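The exposure described above can be checked on your own hosts by auditing memcached's startup options. The sketch below is an added example, not code from GitHub or Cloudflare; it assumes a config file with one option per line using memcached's -U (UDP port, 0 disables) and -l (listen address) flags, and the sample configs are constructed. Whether UDP is on when -U is absent depends on the installed build, so that is passed in as a parameter.

```python
import ipaddress
import shlex

MEMCACHED_PORT = 11211  # UDP port named in the Cloudflare post

def parse_options(conf_text):
    """Collect -U (UDP port) and -l (listen addresses) from option lines."""
    udp_port, listen = None, []
    for line in conf_text.splitlines():
        tokens = shlex.split(line.split("#", 1)[0])  # drop comments
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-U":
                udp_port = int(value)
            elif flag == "-l":
                listen.extend(a.strip() for a in value.split(","))
    return udp_port, listen

def is_public(addr):
    """True when a listen address may be reachable from outside the host or LAN."""
    if addr == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # hostname or host:port form: treat as exposed until checked
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return True
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)

def audit(conf_text, udp_default_on=True):
    """Return (status, reason); udp_default_on is an assumption about the build."""
    udp_port, listen = parse_options(conf_text)
    if udp_port is None:
        udp_port = MEMCACHED_PORT if udp_default_on else 0
    if udp_port == 0:
        return ("ok", "UDP disabled")
    # With no -l option memcached binds to all interfaces.
    exposed = [a for a in listen if is_public(a)] if listen else ["all interfaces"]
    if exposed:
        return ("exposed", f"UDP {udp_port} on {', '.join(exposed)}")
    return ("local-only", f"UDP {udp_port} bound to {', '.join(listen)}")

# Constructed sample configs, not taken from any real host.
SAMPLE_DEFAULT = "-m 64\n-p 11211\n-u memcache\n"
SAMPLE_WILDCARD = "-p 11211\n-l 0.0.0.0  # all interfaces\n-U 11211\n"
SAMPLE_HARDENED = "-p 11211\n-l 127.0.0.1\n-U 0\n"

if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT", "SAMPLE_WILDCARD", "SAMPLE_HARDENED"):
        print(name, audit(globals()[name]))
```

A "local-only" result still deserves a firewall rule for UDP 11211, since a private address can be reachable through NAT or from other tenants.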
GitHub attack
The attack on GitHub originated from over a thousand autonomous systems (ASNs) across tens of thousands of unique endpoints.
It was an amplification attack using the memcached-based approach and peaked at 1.35Tbps, at 126.9 million packets per second.
“Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity,” said GitHub.
“Routes reconverged in the next few minutes and access control lists mitigated the attack at their border.”
