Stories
Slash Boxes
Comments

SoylentNews is people

GitHub Hit With Largest Ever DDoS: 1.35 Tbps

posted by martyb on Friday March 02 2018, @12:46PM   Printer-friendly
from the quick-reaction dept.

takyon writes:

GitHub has been hit with the largest-ever DDoS attack, and it was only down for a few minutes:

On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack.

[...] Cloudflare described an amplification vector using memcached over UDP in their blog post this week, "Memcrashed - Major amplification attacks from UDP port 11211". The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached's responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.

[...] Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Also at Wired and The Register.

Original Submission

 
This discussion has been archived. No new comments can be posted.
GitHub Hit With Largest Ever DDoS: 1.35 Tbps | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by VLM on Friday March 02 2018, @03:08PM (3 children)

    by VLM (445) on Friday March 02 2018, @03:08PM (#646400)

    The people who run Slashdot

    There's still people left? After a zillion mergers and sales and downsizing I thought the whole site was one small shell script. ALL the old timers are long gone, correct?

    I know from professional experience how "fun" it is to maintain something where the last original team member quit three years ago.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 5, Interesting) by zocalo on Friday March 02 2018, @03:49PM

    by zocalo (302) on Friday March 02 2018, @03:49PM (#646433)
    Not sure how much truth there is to the tale, but ISTR the current owners dumped all the previous editors bar one (the oft-maligned Timothy) who was only kept on to train up the current batch at which point they would then let go as well. Yeah, that's a really good way of motivating someone to do a good job. They now clearly have have no one who has much experience with the code left, and from the multiple protracted outages without so much of a Twitter post to explain what's going on, it seems they don't have much experience with running servers either. It wasn't that many years ago that Slashdot being down was given the same level of attention in the tech media as Twitter or Facebook going down today is, yet today no one even seems to care. How the mighty have fallen...
    --
    UNIX? They're not even circumcised! Savages!

  • (Score: 1) by DECbot on Friday March 02 2018, @09:31PM (1 child)

    by DECbot (832) on Friday March 02 2018, @09:31PM (#646646) Journal

    ... I thought the whole site was one small shell script.

    I imagine it is done more in Linux fashion, where there is one small shell script linking to hundreds of small scripts, utilities, and perl-one-liners dynamically calling thousands of more small scripts, utilities, and perl-one-liners stored in a MySQL database that has not been updated since 2006 when the database crashed after achieving 2²⁴ − 1 comments.

    --
    cats~$ sudo chown -R us /home/base

    • (Score: 2) by VLM on Sunday March 04 2018, @04:24PM

      by VLM (445) on Sunday March 04 2018, @04:24PM (#647642)

      when the database crashed after achieving 2²⁴ − 1 comments.

      I remember that although I remember it as being some autoincrementing primary key exceeded 32 bit integer. A somewhat common problem. Fixing it can be hard.