On February 28, 2018, GitHub said its website was hit by 1.3 terabits of data per second, the largest recorded DDoS attack in history. The world’s biggest developer platform suffered a series of outages before calling in Akamai Prolexic (a leading DDoS mitigation provider), which took over the traffic by routing everything through its larger-capacity network. This eased the load on GitHub’s servers while the malicious traffic was filtered out. The attackers eventually gave up and GitHub was back to normal operation in under 10 minutes.
The attackers were able to back off because an attack of that size consumes resources on their side as well. In such cases the options are either to sit out the attack and do nothing, or to engage an anti-DDoS service to filter out the unwanted traffic.
According to GitHub’s incident report: “Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.”
Perhaps the most intriguing aspect of this attack is that it did not use a botnet, as most DDoS attacks do. Broadly, DDoS attacks try to take down websites or web servers by flooding them with more traffic than they can handle, causing crashes that force the site or server offline temporarily. The easiest way to generate such large volumes of traffic is a botnet: a network of Internet-connected machines, each running one or more bots that direct a constant stream of traffic at the target. In the GitHub attack, however, the attackers changed their technique and used what is known as an “amplification attack”.
This amplification attack relied on memcached servers, database caching systems used to speed up websites. These servers have no authentication, meaning that if they are exposed to the Internet, anyone can reach them and send them packets that the server answers with a much larger reply, up to 50 times the size of the original query.
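The two views a defender has of this mechanism, as an added example that is not part of the original article and not code from GitHub or Akamai: from the victim’s network, reflected memcached replies arrive from UDP source port 11211 (the real memcached default) with no matching outbound query; from a memcached operator’s network, the reply-to-request byte ratio exposes the amplification factor. The CSV flow records are constructed sample data, the CSV column layout and the thresholds are assumptions, and the `-U` / `-l` memcached options are real flags (UDP port, 0 to disable; bind address). Treating a missing `-U` as UDP-enabled is a conservative assumption that matches older memcached builds.

```python
"""Defender-side checks for memcached-style amplification traffic."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

MEMCACHED_PORT = 11211       # real memcached default port
AMPLIFICATION_THRESHOLD = 10.0  # assumption: reply bytes >= 10x request bytes is suspicious

# Constructed sample flow records (assumed CSV layout), not real traffic.
# 203.0.113.5 receives large UDP/11211 replies from three hosts it never queried;
# 192.0.2.30 makes two small legitimate queries to 198.51.100.40 and gets replies.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
198.51.100.10,11211,203.0.113.5,54321,UDP,4000,5600000
198.51.100.11,11211,203.0.113.5,54321,UDP,3500,4900000
198.51.100.12,11211,203.0.113.5,54321,UDP,4200,5880000
203.0.113.5,44444,192.0.2.20,443,TCP,12,3000
192.0.2.30,40000,198.51.100.40,11211,UDP,1,60
198.51.100.40,11211,192.0.2.30,40000,UDP,1,3000
192.0.2.30,40001,198.51.100.40,11211,UDP,1,60
198.51.100.40,11211,192.0.2.30,40001,UDP,1,3000
"""


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed CSV flow format; the first line is a header."""
    flows = []
    for line in text.strip().splitlines()[1:]:
        s, sp, d, dp, proto, pk, by = line.split(",")
        flows.append(Flow(s, int(sp), d, int(dp), proto, int(pk), int(by)))
    return flows


def find_reflection_victims(flows: list[Flow]) -> dict[str, dict[str, int]]:
    """Victim view: hosts receiving UDP replies from port 11211 without ever querying it.

    Returns {victim_ip: {"reflectors": distinct_sources, "bytes": total_reply_bytes}}.
    """
    # Hosts that sent at least one UDP query to a memcached port are "solicited".
    solicited = {f.src_ip for f in flows
                 if f.proto == "UDP" and f.dst_port == MEMCACHED_PORT}
    report: dict[str, dict] = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for f in flows:
        if f.proto == "UDP" and f.src_port == MEMCACHED_PORT and f.dst_ip not in solicited:
            report[f.dst_ip]["reflectors"].add(f.src_ip)
            report[f.dst_ip]["bytes"] += f.bytes
    return {v: {"reflectors": len(r["reflectors"]), "bytes": r["bytes"]}
            for v, r in report.items()}


def amplification_factor(flows: list[Flow], server_ip: str) -> float:
    """Operator view: UDP bytes leaving port 11211 divided by UDP bytes arriving at it."""
    bytes_in = sum(f.bytes for f in flows
                   if f.proto == "UDP" and f.dst_ip == server_ip and f.dst_port == MEMCACHED_PORT)
    bytes_out = sum(f.bytes for f in flows
                    if f.proto == "UDP" and f.src_ip == server_ip and f.src_port == MEMCACHED_PORT)
    return bytes_out / bytes_in if bytes_in else 0.0


def memcached_udp_exposed(cmdline: str) -> bool:
    """True when a memcached command line leaves UDP reachable beyond loopback.

    Mitigation is `-U 0` (disable UDP) and/or `-l 127.0.0.1` (bind to loopback).
    """
    args = cmdline.split()
    udp_port = MEMCACHED_PORT  # conservative assumption: UDP on unless -U 0 is given
    bind_addr = "0.0.0.0"
    for i, tok in enumerate(args):
        if tok == "-U" and i + 1 < len(args):
            udp_port = int(args[i + 1])
        elif tok == "-l" and i + 1 < len(args):
            bind_addr = args[i + 1]
    loopback = bind_addr.startswith("127.") or bind_addr == "::1"
    return udp_port != 0 and not loopback


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for victim, info in find_reflection_victims(flows).items():
        print(f"unsolicited memcached replies to {victim}: "
              f"{info['reflectors']} reflectors, {info['bytes']} bytes")
    factor = amplification_factor(flows, "198.51.100.40")
    flag = "SUSPICIOUS" if factor >= AMPLIFICATION_THRESHOLD else "ok"
    print(f"198.51.100.40 reply/request byte ratio: {factor:.1f}x ({flag})")
    for cmd in ("memcached -m 64 -U 0 -l 127.0.0.1", "memcached -m 64 -p 11211"):
        print(f"{cmd!r}: UDP exposed = {memcached_udp_exposed(cmd)}")
```

On the sample data the victim check isolates 203.0.113.5 (three reflectors, no outbound queries) and leaves the legitimate client alone, while the operator check reports a 50x ratio for the memcached host, the same order of magnitude the article cites. The configuration check is the corresponding fix on the reflector side: a memcached instance that does not serve UDP, or only on loopback, cannot be used to reflect traffic at anyone.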
The GitHub report concluded by saying “We’re going to continue to expand our edge network and strive to identify and mitigate new attack vectors before they affect your workflow on GitHub.com.”