On February 28, GitHub found its code hosting platform hit by what’s believed to be the largest Distributed Denial of Service (DDoS) attack ever recorded – and lived to tell the tale.
A DDoS attack is one of the most common methods employed by hackers to take websites down: it involves bombarding sites with more traffic than they can handle, so as to overwhelm their servers and cause enough crashes to take the site offline temporarily.
In this case, GitHub faced a whopping 1.35 terabits per second of traffic, which caused its service to go down for a total of 10 minutes. After detecting the attack, it requested helped from Akamai Prolexic, a service that mitigates such incidents by routing traffic through its larger network and also blocking malicious requests. The company told Wired that it had never handled that much traffic all at once – but because it had designed its infrastructure to handle five times the traffic from the previous largest attack recorded, Akamai managed to bring GitHub back online in just a few minutes.
The last attack carried out on such a large scale affected Dyn in October 2016, when the US-based DNS provider was hit by 1.2 Tbps of traffic.
Interestingly, no botnets were involved in this attack, as is usually the case with DDoS incidents. Instead, the hackers went with what’s known as an amplification attack. They spoofed GitHub’s IP address, and sent queries to several memcached servers that are typically used to speed up database-driven sites. The servers then amplified the returned the data from those requests to GitHub – only, amplified by 50 times.
It’s good to know that even with this much traffic, the attackers couldn’t do much harm besides interrupting GitHub’s service for a few minutes. Clearly, network infrastructure providers are getting better at handling DDoS attacks – but they’ll need to do more to stay a step ahead of hackers in the future.
The Next Web’s 2018 conference is just a few months away, and it’ll be ??. Find out all about our tracks here.