GitHub has revealed that it weathered the largest-known DDoS attack in history this week.
DDoS — or distributed denial of service in full — is a cyber attack that aims to bring websites and web-based services down by bombarding them with so much traffic that their services and infrastructure are unable to handle it all. It’s a fairly common tactic used to force targets offline.
GitHub is a common target — the Chinese government is widely suspected to be behind a five-day-long attack in 2015 over its hosting of software to bypass its internet censorship system — and this newest assault tipped the scales at an incredible 1.35Tbps at peak.
Fortunately, the software development site survived the disruption and was only down for a few minutes, GitHub said on Thursday. Akamai, a DDoS protection provider, managed to fend off the assault.
The last time the world saw a 1 Terabit DDoS attack was in 2016. The Mirai botnet, an army of infected computers, managed to bombard a cloud provider in France with 1.1 Tbps in traffic.
Mirai powered that attack by infecting tens of thousands of vulnerable IoT devices and using them to generate the internet traffic. However, Wednesday’s attack on GitHub was different. It didn’t rely on any botnet. The assault instead leveraged what’s known as a “memcache server,” which is usually hooked up to a data center.
As the name suggests, these servers are designed to cache data and speed up web applications and internet sites. Unfortunately, this same technology can be dangerous because it can amplify a packet of data traffic by up to 51,000 times, according to Cloudflare, another DDoS protection provider.
For example, sending a 203 byte request to a memcached server can result in a 100 megabyte response. Now imagine that response bombarding an actual website. This can be done when the request sent to the memcached server spoofs the IP address of a target website, like GitHub, so that the server sends its much larger response to the target instead of to the real sender.
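On the receiving end, this kind of reflected traffic has a recognisable shape in flow data: large volumes of UDP arriving from many different servers, all with the memcached port as the source port. The sketch below is an added example, not code from GitHub, Akamai or Cloudflare; it assumes memcached's default port 11211, a simple flow-tuple layout, illustrative thresholds, and constructed sample records using documentation IP ranges.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption: reflectors use the default)

# Constructed flow records, not real traffic:
# (protocol, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("udp", "198.51.100.10", 11211, "192.0.2.80", 40112, 1_400_000),
    ("udp", "198.51.100.11", 11211, "192.0.2.80", 40112, 2_800_000),
    ("udp", "198.51.100.12", 11211, "192.0.2.80", 51973, 4_200_000),
    ("udp", "203.0.113.5", 53, "192.0.2.80", 33000, 512),           # ordinary DNS reply
    ("tcp", "203.0.113.9", 11211, "192.0.2.81", 45000, 9_000_000),  # TCP: needs a handshake
    ("udp", "198.51.100.10", 11211, "192.0.2.90", 40000, 1_200),    # small, single source
]


def find_memcached_reflection(flows, min_bytes=1_000_000, min_reflectors=2):
    """Flag destinations receiving heavy UDP traffic sourced from port 11211.

    Returns {victim_ip: {"bytes": total_bytes, "reflectors": sorted_ips}}.
    The thresholds are illustrative and would be tuned per network.
    """
    per_victim = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for proto, src_ip, src_port, dst_ip, _dst_port, nbytes in flows:
        # Reflected responses arrive as UDP *from* the memcached port.
        if proto != "udp" or src_port != MEMCACHED_PORT:
            continue
        per_victim[dst_ip]["bytes"] += nbytes
        per_victim[dst_ip]["reflectors"].add(src_ip)

    alerts = {}
    for victim, entry in per_victim.items():
        # Many distinct reflectors plus high volume separates an attack
        # from a single misdirected cache response.
        if entry["bytes"] >= min_bytes and len(entry["reflectors"]) >= min_reflectors:
            alerts[victim] = {
                "bytes": entry["bytes"],
                "reflectors": sorted(entry["reflectors"]),
            }
    return alerts


if __name__ == "__main__":
    for victim, info in find_memcached_reflection(SAMPLE_FLOWS).items():
        print(victim, info["bytes"], "bytes from", len(info["reflectors"]), "reflectors")
```
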