Largest DDoS Attack Ever Reported this Week: Here’s What We Know

A massive distributed denial of service (DDoS) attack on Wednesday left users unable to access the code repository GitHub for nearly 10 minutes. The 1.35 Tbps attack was the ever largest seen, according to the content delivery network services provider Akamai Technologies.

The attack was delivered through a new method involving the memcached distributed memory caching system, which is designed to speed up performance of Web sites with dynamic, disk- or database-driven content. Attackers can flood such sites with huge volumes of traffic via memcached's use of the User Datagram Protocol (UDP), a core Internet Protocol transport feature.

Just a day before GitHub was hit, Akamai had reported that DDoS attacks using UDP-based memcached traffic had the potential to reflect and amplify traffic loads of 190 Gbps and more. Akamai warned that "organizations need to be prepared for more multigigabit attacks using this protocol and should plan accordingly."

The largest previously reported DDoS attack was a 1.2 Tbps attack on the domain name provider Dyn in October 2016. That attack temporarily knocked multiple large sites, including Twitter and Spotify, offline.

Amplifying Traffic by 51,000x

Wednesday's attack on GitHub left the site unavailable for five minutes shortly after noon Eastern Time, and only intermittently available for another four minutes after that. However, the attack did not at any point affect the confidentiality or integrity of users' data, GitHub engineering manager Sam Kottler wrote in an update on the site yesterday.

Kottler said the attack worked by taking advantage of memcached instances that are "inadvertently accessible on the public Internet with UDP support enabled." By spoofing IP addresses, the attacker or attackers were able to direct memcached responses to GitHub, multiplying the volume of data sent in the process.

"The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks...

Comments are closed.