iTnews

GitHub hit with largest ever DDoS attack

By Allie Coyne on Mar 2, 2018 7:24AM

Reaches 1.35 Tbps.

Developer platform GitHub has been hit with the most powerful distributed denial of service attack on record, surviving 1.35 Tbps of traffic directed at its website relatively unscathed.

The company revealed that its website went down for about ten minutes intermittently on February 28 as a result of the attack, which GitHub said originated from "over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints".

The first portion of the attack peaked at 1.35 Tbps via 126.9 million packets per second, followed by a second 400 Gbps spike.

The largest recorded DDoS attack until now was on domain name server provider Dyn in late 2016, which peaked at 1.2 Tbps of traffic.

GitHub called in Akamai as the attack struck to access additional edge network capacity.

The attack drew its power from memcached instances that were inadvertently accessible on the public internet with UDP support enabled.

Attackers abuse the memcached protocol by implanting a large payload on an exposed memcached server and then sending it a 'get' request whose source address is spoofed to be the victim's IP address.

"Spoofing of IP addresses allows memcached's responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source," GitHub said.

"The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target."

Akamai said this type of attack was likely to become more popular given its "ability to create such massive attacks".
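
The misconfiguration described above (memcached reachable beyond the local host with UDP enabled) can be checked from a server's startup options. The following Python audit is an added example, not part of the original article or GitHub's post; it assumes options are given with memcached's `-l` (listen address) and `-U` (UDP port, 0 disables it) flags, and the sample option strings are constructed.

```python
import ipaddress
import shlex

def parse_options(text):
    """Extract -l (listen address) and -U (UDP port) from memcached options."""
    tokens = []
    for line in text.splitlines():
        tokens.extend(shlex.split(line.split("#", 1)[0]))  # drop comments
    listen, udp_port = [], None
    i = 0
    while i < len(tokens):
        flag, attached = tokens[i][:2], tokens[i][2:]
        i += 1
        if flag not in ("-l", "-U"):
            continue
        if attached:                       # attached form, e.g. -U0
            value = attached
        elif i < len(tokens):              # separated form, e.g. -U 0
            value, i = tokens[i], i + 1
        else:
            continue
        if flag == "-l":
            listen.extend(a.strip() for a in value.split(",") if a.strip())
        else:
            udp_port = int(value)
    return listen, udp_port

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or host:port form: treat as non-loopback

def audit(text):
    """Classify one instance's options for the UDP exposure described above."""
    listen, udp_port = parse_options(text)
    # No -l means memcached listens on all interfaces. Any non-loopback bind is
    # counted as reachable; a firewall may still block it (assumption: unknown).
    reachable = not listen or not all(is_loopback(a) for a in listen)
    if not reachable or udp_port == 0:
        return "UDP_NOT_EXPOSED"
    if udp_port is None:
        return "CHECK_DEFAULT"   # UDP default depends on the installed version
    return "UDP_EXPOSED"

# Constructed sample option sets, not taken from any real host.
SAMPLES = {"local": "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0",
           "open": "-p 11211 -U 11211 -l 0.0.0.0",
           "defaults": "-m 64\n-p 11211"}
if __name__ == "__main__":
    for name, opts in SAMPLES.items():
        print(name, audit(opts))
```

A `CHECK_DEFAULT` result means the options alone do not settle the question: confirm the UDP default for the installed memcached version, or set `-U 0` explicitly.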
