GitHub Survived the Biggest DDoS Attack Ever Recorded
March 01, 2018
On Wednesday, at about 12:15 pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required.
GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.
The scale of the attack has few parallels, but a massive DDoS that struck the internet infrastructure company Dyn in late 2016 comes close. That barrage peaked at 1.2 Tbps and caused connectivity issues across the US as Dyn fought to get the situation under control.
“We modeled our capacity based on five times the biggest attack that the internet has ever seen,” Josh Shaul, vice president of web security at Akamai, told WIRED hours after the GitHub attack ended. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”
Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them and send them a special command packet that the server will respond to with a much larger reply.
Unlike the formal botnet attacks used in large DDoS efforts, like those against Dyn and the French telecom OVH, memcached DDoS attacks don't require a malware-driven botnet. Attackers simply spoof the IP address of their victim and send small queries to multiple memcached servers—about 10 per second per server—that are designed to elicit a much larger response. The memcached systems then return 50 times the data of the requests back to the victim.
Known as an amplification attack, this type of DDoS has shown up before. But as internet service and infrastructure providers have seen memcached DDoS attacks ramp up over the last week or so, they've moved swiftly to implement defenses to block traffic coming from memcached servers.
"Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators," says Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks who has been tracking the memcached attack trend. "Their sheer volume can have a negative impact on the ability of networks to handle customer internet traffic."
The infrastructure community has also started attempting to address the underlying problem, by asking the owners of exposed memcached servers to take them off the internet, keeping them safely behind firewalls on internal networks. Groups like Prolexic that defend against active DDoS attacks have already added or are scrambling to add filters that immediately start blocking memcached traffic if they detect a suspicious amount of it. And if internet backbone companies can ascertain the attack command used in a memcached DDoS, they can get ahead of malicious traffic by blocking any memcached packets of that length.
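The volume-based filtering described above can be sketched as detection logic over flow records. This is an added example, not code from Akamai, CenturyLink or the article; it assumes memcached's default port 11211 over UDP, and the flow-record format, thresholds and documentation-range addresses are constructed for illustration.

```python
"""Flag inbound memcached reflection traffic in flow records (added example)."""
from collections import defaultdict

MEMCACHED_PORT = 11211   # memcached's default port
WINDOW_S = 10            # tumbling window in seconds (assumed)
MAX_BPS = 1_000_000      # per-destination ceiling for this traffic (assumed)
MIN_REFLECTORS = 3       # distinct senders before it counts as reflection (assumed)

# Constructed sample records: "epoch proto src sport dst dport bytes".
SAMPLE_FLOWS = """\
1000 udp 198.51.100.10 11211 203.0.113.5 40112 600000
1001 udp 198.51.100.11 11211 203.0.113.5 40112 550000
1003 udp 198.51.100.12 11211 203.0.113.5 40112 700000
1004 tcp 192.0.2.44 51514 203.0.113.5 443 900000
1005 udp 198.51.100.10 11211 203.0.113.9 53011 1400
1012 udp 198.51.100.13 11211 203.0.113.5 40112 20000
bad line
"""

def parse_flows(text):
    """Yield (ts, proto, src, sport, dst, nbytes); skip malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        try:
            ts, sport, nbytes = int(parts[0]), int(parts[3]), int(parts[6])
        except ValueError:
            continue
        yield ts, parts[1].lower(), parts[2], sport, parts[4], nbytes

def detect_reflection(text, window=WINDOW_S, max_bps=MAX_BPS,
                      min_reflectors=MIN_REFLECTORS):
    """Return alerts for destinations flooded by UDP replies from port 11211."""
    buckets = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, proto, src, sport, dst, nbytes in parse_flows(text):
        # Reflected replies arrive with the memcached port as their source port.
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue
        bucket = buckets[(dst, ts - ts % window)]
        bucket["bytes"] += nbytes
        bucket["reflectors"].add(src)
    alerts = []
    for (dst, start), bucket in sorted(buckets.items()):
        bps = bucket["bytes"] * 8 // window
        # Require both volume and several senders, so one chatty cache
        # server talking to one client does not raise an alert.
        if bps > max_bps and len(bucket["reflectors"]) >= min_reflectors:
            alerts.append({"dst": dst, "window_start": start, "bps": bps,
                           "reflectors": sorted(bucket["reflectors"])})
    return alerts

if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS):
        print(alert)
```

In production the thresholds would be tuned to the protected network's normal traffic, and the alert would feed whatever filter or scrubbing redirect the operator uses.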
"We are going to filter that actual command out so no one can even launch the attack," says Dale Drew, chief security strategist at the internet service provider CenturyLink. And companies need to work quickly to establish these defenses. "We’ve seen about 300 individual scanners that are searching for memcached boxes, so there are at least 300 bad guys looking for exposed servers," Drew adds.
Most of the memcached DDoS attacks CenturyLink has seen top out at about 40 to 50 gigabits per second, but the industry had been increasingly noticing bigger attacks up to 500 Gbps and beyond. On Monday, Prolexic defended against a 200 Gbps memcached DDoS attack launched against a target in Munich.
Wednesday's onslaught wasn't the first time a major DDoS attack targeted GitHub. The platform faced a six-day barrage in March 2015, possibly perpetrated by Chinese state-sponsored hackers. The attack was impressive for 2015, but DDoS techniques and platforms—particularly Internet of Things–powered botnets—have evolved and grown increasingly powerful when they’re at their peak. To attackers, though, the beauty of memcached DDoS attacks is there's no malware to distribute, and no botnet to maintain.
The web monitoring and network intelligence firm ThousandEyes observed the GitHub attack on Wednesday. "This was a successful mitigation. Everything transpired in 15 to 20 minutes," says Alex Henthorne-Iwane, vice president of product marketing at ThousandEyes. "If you look at the stats you’ll find that globally speaking DDoS attack detection alone generally takes about an hour plus, which usually means there’s a human involved looking and kind of scratching their head. When it all happens within 20 minutes you know that this is driven primarily by software. It’s nice to see a picture of success."
GitHub continued routing its traffic through Prolexic for a few hours to ensure that the situation was resolved. Akamai's Shaul says he suspects that attackers targeted GitHub simply because it is a high-profile service that would be impressive to take down. The attackers also may have been hoping to extract a ransom. "The duration of this attack was fairly short," he says. "I think it didn’t have any impact so they just said that’s not worth our time anymore."
Until memcached servers get off the public internet, though, it seems likely that attackers will give a DDoS of this scale another shot.
