
GitHub falls victim to largest DDoS attack ever recorded

By Cal Jeffrey · 7 replies
Mar 1, 2018
  1. GitHub was hit yesterday by what is reported to be the biggest distributed denial of service (DDoS) attack ever. According to GitHub Engineering, the site was shut down by the attack from 17:21 to 17:26 UTC on February 28. Afterwards, the website maintained intermittent functionality between 17:26 and 17:30 before fully recovering.

    The nine-minute attack was by no means the longest disruption GitHub has faced. Back in 2015, we reported on a DDoS attack against the code repository that appeared to be originating from the Chinese government that lasted for the better part of a weekend. However, what makes the recent attack more significant and severe is not the length of time the site was affected, but the sheer volume of data that was sent that caused the shutdown.

    At the peak of the attack, GitHub was flooded with data coming in at 1.35Tbps. The previous largest DDoS attack ever recorded was closer to 1.1Tbps. The second phase of the attack, which was causing intermittent interruptions, was only spiking at around 400Gbps.

    GitHub assured its clients that no data was compromised during the event.

    “To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we’ve taken to drive availability, and how we aim to improve response and mitigation moving forward.”

    The attack used an obscure attack vector to amplify its power. The technique, called a "memcached reflection" attack, exploits the memcached protocol over UDP port 11211. Cloudflare is reporting that it has seen an increase in this vector over the last few days.

    This is how it works. An attacker spoofs a victim’s IP address and sends a small request to several memcached servers. The servers then send out “legitimate” responses to the target as if it was the one requesting the data.

    In practice, this method can magnify an attack by a factor of more than 51,000. In other words, for every byte the attacker sends out, the victim is receiving up to 51KB.

    “15 bytes of request can trigger a 134KB of response sent to the unfortunate target. This is amplification factor of 10,000x! In practice we've seen a 15 byte request result in a 750KB response (that's a 51,200x amplification),” Cloudflare said.

    In response to the incident, GitHub said it has moved the affected facility's inbound traffic to Akamai. Engineers say this will “help provide additional edge network capacity.” It will also be working to improve its automated intervention protocols and monitoring its infrastructure to reduce its mean time to recovery (MTTR) when mitigating future attacks.

    Last edited by a moderator: Mar 1, 2018
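
The reflection pattern described in the story, seen from the receiving side: many distinct senders, all using UDP source port 11211, converging on one destination at a high rate. This is an added example, not part of the original post or GitHub's tooling; the flow-record tuple layout, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_UDP_PORT = 11211  # port named in the article

# Constructed flow records (documentation address ranges), not captured traffic:
# (epoch_second, protocol, src_ip, src_port, dst_ip, dst_port, byte_count)
SAMPLE_FLOWS = [
    (100, "udp", "198.51.100.1", 11211, "203.0.113.10", 40001, 750_000),
    (100, "udp", "198.51.100.2", 11211, "203.0.113.10", 40001, 750_000),
    (100, "udp", "198.51.100.3", 11211, "203.0.113.10", 40001, 750_000),
    (100, "udp", "198.51.100.4", 11211, "203.0.113.10", 40001, 750_000),
    (100, "udp", "198.51.100.9", 11211, "203.0.113.20", 51000, 1_200),    # one small reply
    (100, "tcp", "198.51.100.9", 11211, "203.0.113.20", 51001, 900_000),  # TCP, ignored
    (101, "udp", "192.0.2.53", 53, "203.0.113.10", 40002, 512),           # unrelated DNS
]


def detect_memcached_reflection(flows, window=1, min_sources=3, min_bps=1_000_000):
    """Flag destinations that receive UDP from source port 11211 from many
    distinct senders at a high rate within one time window (seconds).

    Returns {dst_ip: {"sources": n, "peak_bps": bits_per_second}}.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, proto, src, sport, dst, _dport, nbytes in flows:
        if proto != "udp" or sport != MEMCACHED_UDP_PORT:
            continue
        bucket = buckets[(dst, ts // window)]
        bucket["bytes"] += nbytes
        bucket["sources"].add(src)

    alerts = {}
    for (dst, _slot), bucket in buckets.items():
        bps = bucket["bytes"] * 8 // window
        if len(bucket["sources"]) >= min_sources and bps >= min_bps:
            best = alerts.get(dst)
            # Keep the busiest window per destination.
            if best is None or bps > best["peak_bps"]:
                alerts[dst] = {"sources": len(bucket["sources"]), "peak_bps": bps}
    return alerts


if __name__ == "__main__":
    for victim, info in detect_memcached_reflection(SAMPLE_FLOWS).items():
        print(victim, info)
```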
  2. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,617   +986

    Obviously, just practice.
    Cal Jeffrey likes this.
  3. Cal Jeffrey

    Cal Jeffrey TS Evangelist Topic Starter Posts: 1,344   +340

    Yep. In fact, Cloudflare said that we are going to be seeing attacks like this more often as others learn of the technique.
  4. meric

    meric TS Addict Posts: 160   +80

    I've been hearing about DDoS attacks for years, why is it so difficult to protect from this attack? Is it not possible to get protected by using software?
  5. jobeard

    jobeard TS Ambassador Posts: 12,366   +1,390

    The DoS (and the distributed form) occurs at the hardware NIC and the first step of making a connection to a service. This means that it's very difficult to defend and needs lots of server resources and short windows to complete the connection. I can't go into details lest we induce more attacks :sigh:
  6. BadThad

    BadThad TS Booster Posts: 178   +88

    DDoS attacks are the most cowardly type of computer crime. Much of it is to blame on *****s with connected computers who have a virus or malware on their machine without their knowledge.
  7. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 3,087   +1,365

    Bets on whether it was North Korea or China?

    If you wanted to steal IP - GitHub would be the site to attack.
  8. Evernessince

    Evernessince TS Evangelist Posts: 3,187   +2,428

    Russia have been far more active with blatant Cyber attacks recently.
