Github Survived The Biggest DDOS Attack Ever recorded
GitHub’s code hosting website traffic hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps.
Most Interestingly of the ddost attack , attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack.
Earlier this week our member report and publish detailing how attackers could abuse Memcached, popular open-source and easily deployable distributed caching system, to launch over 51,000 times powerful DDoS attackthan its original strength
Dubbed Memcrashed, the amplification DDoS assault works by sending a cast request to the focused Memcrashed server on port 11211 utilizing a spoofed IP handle that matches the sufferer‘s IP.
Just a few bytes of the request despatched to the susceptible server set off tens of hundreds of occasions larger response towards the focused IP handle.
Vice president of web security at Akamai says
“So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”
engineering weblog, Github says
In a publish on its engineering weblog, Github said, “The assault originated from over a thousand completely different autonomous programs (ASNs) throughout tens of 1000’s of distinctive endpoints. It was an amplification assault utilizing the memcached-based method described above that peaked at 1.35Tbps through 126.9 million packets per second.”