GitHub hit by the largest DDoS attack in history, peaking at 1.35 Tbps

Source: Internet
Author: User


GitHub, the largest code distribution platform, suffered a series of large-scale distributed denial-of-service (DDoS) attacks on Wednesday.

In the first phase of the attack, GitHub's website was hit with an astonishing peak of 1.35 terabits per second (Tbps). In the second phase, GitHub's network monitoring system detected a peak of Gbps. The attack lasted for more than 8 minutes and, because of the volume of traffic involved, was the largest DDoS attack recorded to date.

Previously, the French telecom OVH and Dyn DNS each suffered a 1 Tbps DDoS attack. Both attacks were carried out by hackers using Mirai, malware that infects IoT devices and uses them for large-scale DDoS attacks.

In GitHub's case, however, the large-scale attack stemmed from a critical security weakness in Memcached servers reported by Akamai, Arbor Networks, and Cloudflare. According to the researchers, the implementation of the UDP protocol on Memcached servers has a vulnerability that can be used to launch major DDoS attacks.

Researchers call it an amplification attack. GitHub has confirmed that the attack used Memcached for amplification. The attack peaked at 1.35 Tbps, with 0.1269 billion (126.9 million) packets per second.

With amplification, hackers can start with little traffic of their own (as low as 1 Gbps) and turn it into a very large attack, with attack speeds of up to several GB per second.

Sam Kottler of GitHub explained the attack and wrote: "IP address spoofing allows Memcached's response to go to another address, such as the address used to serve GitHub.com, and send more data to the target. In this attack, the misconfigured vulnerability is unique because the amplification factor is as high as 51,000, which means that up to kb can be sent to the target for each byte sent by the attacker."

According to Marek Majkowski, an engineer at Cloudflare, "over the past few days, we have found a large number of amplification attacks using the Memcached protocol from UDP port 11211. Unfortunately, many Memcached servers around the world use this insecure configuration."

"A request of 15 bytes can trigger a response of KB. This is a magnification of 10,000x! In fact, we can see a 51,200 kb response from a 15-byte request (which is times larger)."

To mitigate the attack, GitHub decided to use Akamai's Prolexic, a fully hosted DDoS protection service through which Akamai can filter and block malicious traffic packets. In addition, GitHub has apologized to its users and said that user data is not under threat. The company vowed to improve its security to deal with such large-scale network attacks.
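The traffic pattern described above (responses from UDP port 11211 converging on one address) can be picked out of flow records. The following Python example is added here and is not code from GitHub, Akamai, Cloudflare or the original article; the record layout, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # UDP port named in the article

# Constructed sample flow records (documentation addresses, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
SAMPLE_FLOWS = [
    ("198.51.100.10", 11211, "203.0.113.5", 40001, "udp", 1_400_000, 1000),
    ("198.51.100.11", 11211, "203.0.113.5", 40002, "udp", 2_800_000, 2000),
    ("198.51.100.12", 11211, "203.0.113.5", 40003, "udp", 700_000, 500),
    ("192.0.2.53", 53, "203.0.113.5", 53000, "udp", 512, 1),           # DNS reply
    ("10.0.0.20", 11211, "10.0.0.9", 51000, "tcp", 9_000_000, 6500),   # cache over TCP
    ("198.51.100.10", 11211, "203.0.113.77", 40100, "udp", 1_400, 1),  # lone small flow
]


def find_reflection_targets(flows, min_reflectors=3, min_bytes=1_000_000):
    """Return destinations receiving Memcached-over-UDP responses from many sources.

    A reflected response arrives with UDP *source* port 11211 because the
    Memcached server is answering a request whose source address was spoofed.
    Thresholds are illustrative assumptions; tune them to the observation window.
    """
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for src, sport, dst, _dport, proto, nbytes, npkts in flows:
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue  # only UDP responses leaving port 11211 are of interest
        entry = stats[dst]
        entry["reflectors"].add(src)
        entry["bytes"] += nbytes
        entry["packets"] += npkts

    alerts = {}
    for dst, entry in stats.items():
        if len(entry["reflectors"]) >= min_reflectors and entry["bytes"] >= min_bytes:
            alerts[dst] = {
                "reflectors": len(entry["reflectors"]),
                "bytes": entry["bytes"],
                "avg_packet_bytes": entry["bytes"] // max(entry["packets"], 1),
            }
    return alerts


if __name__ == "__main__":
    for target, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(target, info)
```

Large average packet sizes from many distinct sources on this port are what distinguish reflected responses from the small DNS reply and the TCP cache traffic in the sample.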

In recent years, as IoT viruses have spread widely, large-scale DDoS attacks have increased. This was not the first time GitHub came under DDoS attack: in 2015, GitHub was hit by what was the largest attack at that time.

* Reference Source: HackRead

Permanent link to this article: https://www.bkjia.com/Linux/2018-03/151180.htm
