GitHub, a software platform developer, recently faced what has been described as one of the most powerful distributed denial of service (DDoS) attacks seen to date.
An explosion of traffic — 1.35 terabits per second — bombarded the site on Wednesday afternoon from over a thousand different autonomous systems. The sudden deluge of data overwhelmed GitHub’s online server until it lost power for roughly 5 minutes, according to the company’s Thursday blog post on the attack.
After grappling with the outages for a couple minutes, GitHub quickly turned to Prolexic, a DDoS mitigation service provided by Akamai Technologies.
The service re-routed all the traffic to go through its scrubbing centers, which filtered through the incoming data with the goal of blocking any malicious software packages being driven toward its servers. There were about 126.9 million packets per second being rushed to GitHub’s systems at the peak of the attack, according to GitHub.
Akamai in a Thursday blog post said the assault was the “largest attack seen to date … more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed.”
Josh Shaul, vice president of web security at Akamai, told Wired that the company had designed their model so that it could handle an attack that was fives times the size of the “biggest attack that the internet has ever seen.”
“So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope,” Shaul told the news outlet hours after the attack ended.
Akamai said in its analysis that it not only expects an increase in these types of DDoS attacks that target so-called Memcached servers — many of which are openly exposed on the internet — but it also predicts “many more, potentially larger attacks in the near future.”
Unlike other large-scale DDoS attacks, no malware-driven botnet was needed to carry out this attack because Memcached servers are easy to spoof with fake IP addresses.