GitHub hit by largest DDoS attack in history


GitHub has managed to defend its site from the largest distributed denial of service (DDoS) attack ever recorded thanks to help from Akamai Prolexic's DDoS mitigation platform. 

The developer platform was hit with an overwhelming 1.35TB/s of traffic using an increasingly popular DDoS method that, unlike 2016's attack on DNS service provider Dyn, does not require the use of a botnet. 

At first GitHub's systems experienced intermittent outages but within 10 minutes, its security system had assessed the situation and automatically called Akamai Prolexic for help.  The firm's DDoS mitigation services were then used to reroute all of the traffic coming into GitHub.  Akamai sent the site's traffic through its scrubbing centres to identify and then block malicious packets. 

The hackers behind the attack were deterred thanks to the quick response from both companies and it ended after eight minutes. 

The DDoS attack on GitHub stands out from some other notable attacks due to the fact that the hackers chose to forego using a botnet and instead opted to utilise large number of memcached servers on the Internet.    

These servers are utilised by companies to improve the performance of databases since they store data closer to the actual database.  However, since they are located on the public Internet, hackers have learned to spoof their IP addresses to send small queries to multiple memcached servers.  The servers then return 50 times more data back to the victim which makes them so effective in DDoS attacks. 

GitHub's decision to sign up for Akamai Prolexic's DDoS mitigation services played a key role in ensuring that this attack did not have the same impact as the one that affected Dyn and in turn the entire Internet back in 2016. 

Image Credit: Profit_Image / Shutterstock