1.3 Tb/sec DDOS on github!

What is DDOS?
DDOS or Distributed Denial Of service refers to crashing server by sending tons of requests from different systems. The systems are usually infected with trojan or malware and all the online systems are made to send continuous requests at one particular time flooding the server.

Memcached Server
Memcached server are more responsive than usual servers since they have improved memory caching.

The attack
Attackers spoofed github's IP and took control of memacached servers of Github from UDP port 11211 . Github stated that these servers are inaccessible to the general public. They used it to amplify traffic and attempted to crash the server. The amplification was around 50 times. This lead to github being attacked at a volume of 1.3 Tb/s.


This is the largest DDOS attack ever recorded in the history. Astonishingly it took Github approximately just 5 mins to recover. Github was down on 28th Feb between 17:21 UTC and 17:26 UTC.

What now?
As quoted from https://githubengineering.com/ddos-incident-report/
Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).
We’re going to continue to expand our edge network and strive to identify and mitigate new attack vectors before they affect your workflow on GitHub.com.
We know how much you rely on GitHub for your projects and businesses to succeed. We will continue to analyze this and other events that impact our availability, build better detection systems, and streamline response.

Follow us on Facebook:- Facebook.com/VAPTHacker

Comments

  1. What a wonderful post you have written! It will come to great help of the beginners like me! This is very clear, precise and descriptive really! Thank you so much Mr.Author. Keep writing for us like this.:)

    Offshore dedicated server

    ReplyDelete
  2. Do you want buy ddos but do not know where to do it? This service will help you to do ddos attack.

    ReplyDelete

Post a Comment

Popular posts from this blog

Sniffing Android API

Bitcoin mining in nuclear lab