Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday March 02 2018, @12:46PM   Printer-friendly
from the quick-reaction dept.

GitHub has been hit with the largest-ever DDoS attack, and it was only down for a few minutes:

On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack.

[...] Cloudflare described an amplification vector using memcached over UDP in their blog post this week, "Memcrashed - Major amplification attacks from UDP port 11211". The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached's responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.

[...] Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Also at Wired and The Register.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by zocalo on Friday March 02 2018, @03:11PM (1 child)

    by zocalo (302) on Friday March 02 2018, @03:11PM (#646403)
    Or just the basic BCP38 [bcp38.info] for that matter - filtering spoofed packets entering your network from the edge. If you're a big webhost or end-user connectivity supplier, then if you're not already doing this then please either get it sorted or admit you don't know what the hell you are doing and try another line of business. If more people does this then UDP amplification attacks would be much harder to accomplish and far more limited in scope.
    --
    UNIX? They're not even circumcised! Savages!
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Insightful) by VLM on Friday March 02 2018, @03:20PM

    by VLM (445) Subscriber Badge on Friday March 02 2018, @03:20PM (#646408)

    I worked in that cutthroat line of business a long time ago and if you do the right thing, that'll cost time and money, and you'll get replaced in the market by people who save time and money by not bothering.