The software hosting repository GitHub was totally inaccessible for five minutes on Wednesday evening US time, following what is claimed to be the biggest distributed denial of service attack ever recorded.
In a blog post, GitHub said while the attack, which peaked at 1.3 Tbps via 126.9 million packets per second, also rendered its servers intermittently unavailable for another four minutes, no data was compromised as a result.
Akamai, which does the job of content delivery network for GitHub, said it was able to mitigate the attack which is said to have been carried out through an amplification vector using memcached over UDP port 11211.
GitHub said such attacks worked by abusing memcached instances that were accessible on the Internet with UDP support enabled.
{loadposition sam08}"Spoofing of IP addresses allows memcached’s responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source," the company said.
Thus far, the biggest DDoS attack has been one which was close to 1Tbps against the French hosting provider, OVH. Concurrent attacks against the company in September 2016 clocked in at 990Gbps.
The attacks on OVH were launched using the Mirai botnet which is made up thousands of IoT devices.
Akamai said there were more than more than 50,000 known vulnerable systems exposed at this time which could be used to launch similar attacks.
The amplification factor could be manipulated by changing the values in an open server, Akamai said, thus making it possible for a 203 byte request to result in a 100MB response of reflected traffic, per request.
It said the way to counter this was by blocking port 11211. "By default, memcached listens on localhost on TCP and UDP port 11211 on most versions of Linux, but in some distributions it is configured to listen to this port on all interfaces by default," Akamai said.
Graphic: courtesy Akamai