GitHub survived the most powerful distributed denial of service attack in history, with the DDoS attack flooding the software development website with internet traffic that reached a peak of 1.35 TB per second.
GitHub lived through the DDoS attack, with the website going down for only a few minutes. However, things do not end here, as an even stronger attack will likely happen soon.
GitHub Survives The Most Powerful DDoS Attack
On Feb. 28, at about 12:15 pm ET, the most powerful DDoS attack ever recorded struck GitHub. In 10 minutes, GitHub was able to request for help from Akamai Prolexic, which routed all the traffic and pushed the data past its scrubbing centers to identify and block the malicious packets. After about eight minutes, the people behind the DDoS attack withdrew.
In comparison, the DDoS attack on Dyn in October 2016 peaked at 1.2 TB per second. The attack on the internet infrastructure company resulted in connectivity issues across the United States, taking down many popular websites and online services such as Reddit, Netflix, Spotify, and Twitter.
According to Akami VP of web security Josh Shaul, it was able to protect GitHub from the 1.35 TB DDoS attack because the security company designed its capacity to withstand attacks that are up to five times more powerful than the strongest one that was previously recorded.
"So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope," Shaul told WIRED.
Memcrashed Will Attack Again
While the DDoS attack on Dyn was powered by the Mirai botnet, which infected tens of thousands of internet-connected devices to generate the traffic, the attack on GitHub was different. The people behind it did not use a botnet but rather utilized a new attack method named Memcrashed.
Memcrashed exploits the memcached program, which is an open-source caching system commonly used by websites for faster speed. However, some system administrators have unsecure memcached-enabled servers, which can be used by attackers to contribute to a DDoS attack.
The memcached technology is capable of amplifying internet traffic by over 50,000 times, done by spoofing the IP address of a website. The memcached servers will then flood the website with data, with the goal of taking the target offline.
Security experts are now urging the owners of tens of thousands of open memcached servers to place them inside firewalls to prevent attackers from exploiting them. However, while the unsecure servers are still available, the chances are high that another Memcrashed attack will launch soon, and they may be more powerful.