Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday March 02 2018, @12:46PM   Printer-friendly
from the quick-reaction dept.

GitHub has been hit with the largest-ever DDoS attack, and it was only down for a few minutes:

On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack.

[...] Cloudflare described an amplification vector using memcached over UDP in their blog post this week, "Memcrashed - Major amplification attacks from UDP port 11211". The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached's responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.

[...] Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Also at Wired and The Register.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Friday March 02 2018, @02:18PM (1 child)

    by Anonymous Coward on Friday March 02 2018, @02:18PM (#646364)

    There's been some crazy news about internet censorship out of China over the last week or so

    Yeah... but unless such a DDOS can be maintained (it can't), it does the government of China very little good. Perhaps none at all.

    Plus, GIT is a distributed system where the repos can be trivially cloned and in the case of such ware, no doubt have been. GitHub may be down, but the repositories that were seeded from there most certainly are not.

    Yet people involved in DDOS attacks are generally really, really stupid, that's why they do such things, so perhaps you're right and someone in China's government thought (for very low levels of qualification as "thought") this would be meaningful.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 2) by VLM on Friday March 02 2018, @03:03PM

    by VLM (445) Subscriber Badge on Friday March 02 2018, @03:03PM (#646396)

    I can't help but notice here we are talking about Chinese military activity and this is basically the American propaganda response when the Chinese encircled the Chosin Reservoir in the (First, so far) Korean War. Its weird to mentally search and replace parts of your comment to read like a newsreel from 1950. Possibly you were doing this on purpose because it is kinda cool.

    Chosin Reservoir was kinda the LOTR scene for the Chinese where Gandalf says "You shall not pass". Chinese human wave attacks meant the extremely rapid march north to the NK/China border ended with a march right back to the old NK/SK border (more or less) and just sit there and do attrition for a couple more years and then a couple decades of the DMZ thing. Obviously that's what the Chinese are hoping for their DDOS against github, eventually they'll do something big enough to knock github out and start progressing.

    People get confused about github. Its not a cloudy filestore, all the money goes into social engineering to include codes of conduct for later censorship of the "wrong" opinions or enforcing diversity, which is supposedly good, although no one can explain why, via pretty explicit sexism and racism against white/asian males, which is supposedly good although no one can explain why hate is so doubleplus good if its against the correct victims. So, if you still think they're a filestore, then dumping firewall avoidance tools (proxies, I suppose) is a huge fail, but if you think the purpose of github is two minutes hate of fucking white males, then why not dump some code that isn't anti-asian enough anyway? So the Chinese have good reason to think they will win, its not really crazy from their position.