Largest DDoS Attack Ever Reported: Here's What We Know
By Shirley Siluk / CRM Daily
Published: March 2, 2018
A massive distributed denial of service (DDoS) attack on Wednesday, Feb. 28, left users unable to access the code repository GitHub for nearly 10 minutes. The 1.35 Tbps attack was the largest ever seen, according to the content delivery network services provider Akamai Technologies.

The attack on GitHub was delivered through a new method involving the memcached distributed memory caching system, which is designed to speed up performance of Web sites with dynamic, disk- or database-driven content. Attackers can flood such sites with huge volumes of traffic via memcached's use of the User Datagram Protocol (UDP), a core Internet Protocol transport feature.

Just a day before GitHub was hit, Akamai had reported that DDoS attacks using UDP-based memcached traffic had the potential to reflect and amplify traffic loads of 190 Gbps and more. Akamai warned that "organizations need to be prepared for more multigigabit attacks using this protocol and should plan accordingly."

The largest previously reported DDoS attack was a 1.2 Tbps attack on the domain name provider Dyn in October 2016. That attack temporarily knocked multiple large sites, including Twitter and Spotify, offline.

Amplifying Traffic by 51,000x

Wednesday's attack on GitHub left the site unavailable for five minutes shortly after noon Eastern Time, and only intermittently available for another four minutes after that. However, the attack did not at any point affect the confidentiality or integrity of users' data, GitHub engineering manager Sam Kottler wrote in an update on the site yesterday.

Kottler said the attack worked by taking advantage of memcached instances that are "inadvertently accessible on the public Internet with UDP support enabled." By spoofing IP addresses, the attacker or attackers were able to direct memcached responses to GitHub, multiplying the volume of data sent in the process.

"The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target," Kottler said.

He added that over the past year GitHub had been taking steps to boost its transit capacity to better withstand DDoS attacks, and planned to continue doing so.

Be Cautious with UDP

"Making GitHub's edge infrastructure more resilient to current and future conditions of the Internet and less dependent upon human involvement requires better automated intervention," Kottler noted. "We're investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR)."

What steps can other organizations take to prevent coming under a similar DDoS attack? The content delivery network provider Cloudflare said one key is to "stop using UDP."

"If you must, please don't enable it by default," said Cloudflare team member Marek Majkowski in a blog post. "We've been down this road so many times. DNS, NTP, Chargen, SSDP and now memcached. If you use UDP, you must always respond with strictly a smaller packet size than the request. Otherwise your protocol will be abused. Also remember that people do forget to set up a firewall. Be a nice citizen. Don't invent a UDP-based protocol that lacks authentication of any kind."
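
The exposure described above (memcached reachable with UDP enabled) can be checked from the options a memcached process is started with. The following is an added example, not code from the article, GitHub or Cloudflare; it assumes memcached's `-U`/`--udp-port` and `-l`/`--listen` options, that releases before 1.5.6 enable UDP on port 11211 by default, and constructed sample command lines.

```python
import ipaddress
import shlex

DEFAULT_PORT = 11211  # memcached's default port (assumed default for UDP too)
SAMPLES = [  # constructed command lines, not taken from any real host
    "/usr/bin/memcached -m 64 -p 11211 -u memcache",
    "/usr/bin/memcached -m 64 -u memcache -l 127.0.0.1 -U 0",
    "memcached --listen=10.0.0.5 --udp-port=11211",
    "memcached -l 127.0.0.1,::1",
]

def _options(args):
    """Yield ("-U" or "-l", value) for short, attached and long spellings."""
    it = iter(args)
    for arg in it:
        for short, long_ in (("-U", "--udp-port"), ("-l", "--listen")):
            if arg in (short, long_):
                yield short, next(it, "")
            elif arg.startswith(long_ + "="):
                yield short, arg[len(long_) + 1:]
            elif arg.startswith(short):
                yield short, arg[2:]

def _is_loopback(addr):
    host = addr.split(":")[0] if addr.count(":") == 1 else addr  # drop :port
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # wildcard or unknown hostname: treat as exposed

def audit_memcached_args(cmdline, udp_default_on=True):
    """Return findings for one command line; an empty list means no UDP exposure."""
    udp_port = DEFAULT_PORT if udp_default_on else 0  # False for 1.5.6 and later
    listen = []  # stays empty when no -l is given (memcached binds everything)
    for flag, value in _options(shlex.split(cmdline)):
        if flag == "-U" and value.isdigit():
            udp_port = int(value)
        elif flag == "-l":
            listen.extend(a for a in value.split(",") if a)
    findings = []
    if udp_port:
        findings.append(f"UDP enabled on port {udp_port}")
        exposed = [a for a in listen if not _is_loopback(a)]
        if not listen:
            findings.append("no -l given: listens on every interface")
        elif exposed:
            findings.append("non-loopback listen address: " + ", ".join(exposed))
    return findings

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_memcached_args(line) or "ok")
```

A command line that returns an empty list has UDP switched off; this check does not replace a firewall rule or a scan from outside the network.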

Gillespie:
Posted: 2018-03-02 @ 11:51am PT
What about AOL? Aol.com was out of service today for some time.
