It’s been 2 years since GitHub dealt with what has been to date the largest reported DDoS attack in history, and most notably, they were able to resolve the situation in 10 minutes Between 17:21 and 17:30 UTC on February 28, 2018, GitHub was able to identify and mitigate a DDoS attack that impacted the platform with a monumental amount of traffic: 1.35 Tbps (terabits per second) sent over 126.9 million packets per second.
The attack was even bigger than the one suffered by the Dyn company in October 2016 (1.2 Tbps) and it affected big sites like Twitter, Reddit, Spotify, Paypal and more.
The massive DDoS attack that GitHub suffered did not require any botnet but took advantage of some 100,000 mencached servers, that is, they cache all kinds of data to optimize the speed of networks and websites. The servers used belonged to different businesses and institutions that, because they were not protected by authentication systems, accept requests from anyone, the DDoS attack took advantage of them to amplify the amount of traffic sent to GitHub.
According to GitHub that used the services of Akamai Prolexic to mitigate DDoS attacks, they took control immediately and in just 8 minutes the attackers surrendered and ended the attack, which he is happy to do since this company was prepared and shows what is important. which is to be prepared for anything.
While GitHub was prepared for this, the underlying problem is still the exposed memcached servers and how they are increasingly being used to power DDoS attacks. Now the community behind the infrastructures is the one who must attack the problem and make the owners of these exposed servers remove them from the Internet, hide them behind firewalls or move them to internal networks. Meaning that not the entire community is aware of how risky this can be by not taking the necessary protection measures.
[…] reads:GitHub resist the largest DDoS attack 2 years ago“Collection” the largest data breach in […]