DDoS Attack on GitHub

From Embedded Lab Vienna for IoT & Security
Jump to: navigation, search

DDoS Attack

Amplification DoS Attack

On February 28th, 2018 between 17:21 and 17:26 UTC GitHub got hit by the biggest DoS Attack recorded by that time. The Service was accessible from 17:26 to 17:30 UTC, due to the huge distributed denial-of-service attack (DDoS). The confidentiality and integrity of all data was preserved during the attack. The peak data throughput raised up to 1.35Tbps via 126.9 million packets per second [1].

Background

The attackers used a distributed amplification DoS attack to gain a amplify the attack throughput. They used the Memcached protocol which relies on UDP, which doesn’t check the integrity of the IP header. This allowed the attackers to spoof the source IP address with the victims IP. Memcached server response with an up to 750kB big response message to an 15byte request. This is and amplification factor of 51,200 [2].

References

[1] https://github.blog/2018-03-01-ddos-incident-report/

[2] https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

[3] https://www.wired.com/story/github-ddos-memcached/