Sunday 4 March 2018

GitHub survives massive DDoS attack relatively unscathed

GitHub, a web-based code distribution and version control service, survived a massive denial of service attack on Wednesday. According to a report at Wired, a staggering 1.35 terabits per second (Tbps) of traffic hit the site at once. Within 10 minutes the company called for help from a DDoS mitigation service similar to Google's Project Shield, Akamai's Prolexic, which took over to filter and weed out malicious traffic packets. The attack, says Wired, ended after eight minutes. This may have been the largest DDoS attack ever; Wired notes the attack on domain name server Dyn in late 2016 reached 1.2 Tbps of traffic.

The attack was apparently conducted via a non-bot technique called an amplification attack. These use memcached database systems, says Wired, that can be queried by anyone. Attackers spoof the IP of their target and send small requests to the memcached databases, which then send a massive amount of traffic to the target system, like GitHub in this case. The answer to shutting down attacks like these is twofold, says Wired. Mitigation services like Prolexic can add filters to automatically block this sort of traffic, and owners of memcached databases can remove them from public access.

Source: Wired

Read the full article here by Engadget

No comments: