On Wednesday, February 28, developer platform GitHub was hit with the largest distributed denial-of-service attack recorded to date.
At 17:21 UTC the GitHub platform was hit with 1.35 terabits per second of traffic, which lasted over 10 minutes. At 18:00 UTC there was another similar attack, which peaked at 400 Gbps.
The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.
“At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by Memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of Memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long,” Akamai said in its blog post.
According to Akamai, the attackers used the critical security flaw in Memcached servers to execute the attack.
The flaw lies in the UDP protocol implementation in Memcached servers. It amplifies incoming packets by a factor of over 50,000, meaning a 203-byte request results in a 100 MB response.
The attack was mitigated by filtering all traffic sourced from UDP port 11211, which is the default port used by Memcached.
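The filter described above, as an added example that is not code from GitHub or Akamai: it applies the "UDP, source port 11211" match to flow records and summarizes the matching traffic per destination. The record layout, sample addresses and function names are constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # default Memcached port named in the article

# Constructed sample flow records (documentation address ranges), not real data:
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes, packets)
SAMPLE_FLOWS = [
    ("198.51.100.10", 11211, "203.0.113.5", 40312, "udp", 1_400_000, 1000),
    ("198.51.100.11", 11211, "203.0.113.5", 51877, "udp", 2_800_000, 2000),
    ("198.51.100.12", 11211, "203.0.113.5", 40312, "udp", 1_400_000, 1000),
    ("192.0.2.44", 443, "203.0.113.5", 51000, "tcp", 90_000, 80),
    # TCP from port 11211 is not UDP reflection and must not match the filter
    ("192.0.2.45", 11211, "203.0.113.9", 51000, "tcp", 5_000, 10),
    ("198.51.100.10", 53, "203.0.113.5", 33000, "udp", 600, 2),
]


def is_memcached_reflection(flow):
    """True for UDP traffic sourced from port 11211 (the filter in the article)."""
    _src, sport, _dst, _dport, proto, _nbytes, _pkts = flow
    return proto == "udp" and sport == MEMCACHED_PORT


def summarize(flows, window_seconds):
    """Per destination: distinct reflectors, bits/s and packets/s of matching flows."""
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for flow in flows:
        if is_memcached_reflection(flow):
            entry = stats[flow[2]]
            entry["reflectors"].add(flow[0])
            entry["bytes"] += flow[5]
            entry["packets"] += flow[6]
    return {
        dst: {
            "reflectors": len(e["reflectors"]),
            "bps": e["bytes"] * 8 / window_seconds,
            "pps": e["packets"] / window_seconds,
        }
        for dst, e in stats.items()
    }


def filter_flows(flows):
    """Drop the reflection traffic and keep everything else."""
    return [f for f in flows if not is_memcached_reflection(f)]


if __name__ == "__main__":
    for dst, summary in summarize(SAMPLE_FLOWS, window_seconds=10).items():
        print(dst, summary)
    print(len(filter_flows(SAMPLE_FLOWS)), "flows kept after filtering")
```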
GitHub confirms that it was an amplification attack using the Memcached-based approach, which peaked at 1.35 Tbps via 126.9 million packets per second.
“We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users. To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we’ve taken to drive availability, and how we aim to improve response and mitigation moving forward,” GitHub said in its post.