Just recently, GitHub, the most famous code sharing and hosting platform, faced the world’s most powerful DDoS attack. According to GitHub, the website was unavailable for about 5 minutes (17:21 to 17:26 UTC) on February 28th as a result of a massive torrent of 1.2 Tbps of traffic targeting the site all at once.
Soon after the attack, within about 10 minutes, GitHub sought help from Akamai Prolexic, which is a DDoS mitigation service. To block the malicious packets, Akamai routed all the traffic through its scrubbing centers.
According to Akamai, the hackers were able to push the attack to about 126.9 million packets per second. The attack was more than twice the size of the September 2016 attacks that resulted from the Mirai botnet.
This DDoS attack resulted from “memcached servers,” which are used to cache data and reduce the load due to memory-intensive services. Many of these servers are exposed on the internet, and anyone can search for them.
Moreover, memcached DDoS attacks don’t need a Mirai-like malware botnet. Instead, the attackers can just spoof the victim’s IP and send small packets to different memcached servers to get an amplified response, according to Wired’s detailed report.
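A defender-side view of the reflection pattern described above, as an added example that is not part of the original article: it flags destinations receiving large volumes of UDP replies from many distinct hosts whose source port is 11211 (memcached's default port). The flow-record format, the sample addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

# Constructed flow records (not real traffic):
# "epoch_sec proto src_ip:src_port dst_ip:dst_port bytes"
SAMPLE_FLOWS = """\
1700000000 udp 198.51.100.7:11211 203.0.113.10:41822 1400000
1700000000 udp 198.51.100.9:11211 203.0.113.10:50211 1350000
1700000001 udp 192.0.2.44:11211 203.0.113.10:38110 1420000
1700000001 tcp 192.0.2.80:443 203.0.113.10:51000 52000
1700000002 udp 192.0.2.53:53 203.0.113.20:40000 300
1700000002 udp 198.51.100.7:11211 203.0.113.20:40001 900
"""

def parse_flow(line):
    """Split one record into typed fields (format is an assumption)."""
    ts, proto, src, dst, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), proto, src_ip, int(src_port), dst_ip, int(dst_port), int(nbytes)

def find_reflection_targets(flow_text, min_reflectors=3, min_bytes=1_000_000):
    """Return {dst_ip: (reflector_count, total_bytes)} for destinations that
    receive UDP traffic from source port 11211 from many distinct hosts."""
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for line in flow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _, proto, src_ip, src_port, dst_ip, _, nbytes = parse_flow(line)
        # Reflected replies arrive as UDP with the memcached port as the source port.
        if proto == "udp" and src_port == MEMCACHED_PORT:
            reflectors[dst_ip].add(src_ip)
            volume[dst_ip] += nbytes
    # Require both breadth (many reflectors) and volume to limit false positives.
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in reflectors.items()
        if len(srcs) >= min_reflectors and volume[dst] >= min_bytes
    }

if __name__ == "__main__":
    for dst, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {count} reflectors, {total} bytes from UDP/{MEMCACHED_PORT}")
```

Because the replies come from legitimate servers rather than infected hosts, the source port and the number of distinct senders are more useful signals here than any per-host reputation.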
After the attack, GitHub continued to route its traffic via Akamai’s service to make sure that the situation was under control. It’s also worth noting that we might be on the cusp of an even bigger DDoS attack as memcached services continue to be online.