GitHub Survived the Biggest DDoS Attack Ever Recorded


GitHub’s code hosting website was hit with the largest-ever distributed denial of service (DDoS) attack, which peaked at a record 1.35 Tbps.

Most interestingly, the attackers did not use any botnet; instead they weaponized misconfigured Memcached servers to amplify the DDoS attack.

Earlier this week, one of our members published a report detailing how attackers could abuse Memcached, a popular open-source and easily deployable distributed caching system, to launch a DDoS attack over 51,000 times more powerful than its original strength.

Dubbed Memcrashed, the amplification DDoS attack works by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP.

Just a few bytes of the request sent to the vulnerable server trigger a response tens of thousands of times larger against the targeted IP address.
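An added example, not part of the original article: a defender-side check that flags likely memcached reflection in flow records by looking for traffic sourced from port 11211 that reaches one host from many distinct servers. The CSV layout, thresholds and sample records are constructed for illustration, and UDP as the transport is an assumption, since the article names only the port.

```python
import csv
import io
from collections import defaultdict

MEMCACHED_PORT = 11211  # port named in the article

# Constructed sample flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,bytes
198.51.100.10,11211,203.0.113.5,40001,udp,1400000
198.51.100.11,11211,203.0.113.5,40002,udp,1350000
198.51.100.12,11211,203.0.113.5,40003,udp,1420000
198.51.100.13,443,203.0.113.5,51000,tcp,52000
198.51.100.10,11211,203.0.113.9,40010,udp,900
192.0.2.77,53124,203.0.113.5,11211,tcp,300
"""


def find_reflection_targets(flow_csv, min_reflectors=3, min_bytes=1_000_000):
    """Return {dst_ip: (reflector_count, total_bytes)} for hosts receiving
    UDP traffic sourced from port 11211 from many distinct servers."""
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Reflected replies leave the memcached server FROM port 11211 over UDP;
        # a normal client connection has 11211 as the destination port instead.
        if row["proto"].lower() != "udp" or int(row["src_port"]) != MEMCACHED_PORT:
            continue
        reflectors[row["dst_ip"]].add(row["src_ip"])
        volume[row["dst_ip"]] += int(row["bytes"])
    # Flag only destinations hit by enough distinct reflectors and enough volume,
    # so a single small reply from one server is not reported.
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in reflectors.items()
        if len(srcs) >= min_reflectors and volume[dst] >= min_bytes
    }


if __name__ == "__main__":
    for dst, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {total} bytes from {count} memcached reflectors")
```
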

The vice president of web security at Akamai says:

“So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”


In a post on its engineering blog, GitHub said, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.”

GitHub continued routing its traffic through Prolexic for a few hours to ensure that the situation was resolved. Akamai’s Shaul says he suspects that attackers targeted GitHub simply because it is a high-profile service that would be impressive to take down. The attackers may also have been hoping to extract a ransom. “The duration of this attack was fairly short,” he says. “I think it didn’t have any impact so they just said that’s not worth our time anymore.”

Until memcached servers get off the public internet, though, it seems likely that attackers will give a DDoS of this scale another shot.