GitHub, the software developers' platform, revealed that it came under the world's largest DDoS (Distributed Denial of Service) attack on February 28. The attack took the GitHub servers offline for around ten minutes (17:21 to 17:26 UTC). However, GitHub's management, drawing on their experience, was able to defend the service and ensured that no data was lost during the attack. GitHub is invariably used by all cryptocurrency coders.
The hackers relied on “memcaching” to massively amplify the traffic inflow to GitHub. Memcached is a distributed memory system known for high performance and demand. Initially, GitHub’s IP address was spoofed to gain control of memcached instances that are “inadvertently accessible on the public internet.”
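Whether a memcached instance is one of those "inadvertently accessible" reflectors can be checked from its startup options. The following is an added example, not code from GitHub or from this article: the function names, the sample command lines and the `udp_default` parameter are assumptions made for illustration, while `-l`/`--listen` and `-U`/`--udp-port` are memcached's own options.

```python
import ipaddress
import shlex

DEFAULT_PORT = 11211  # memcached's default port


def parse_opts(cmdline):
    """Return (listen_addrs, udp_port or None) from a memcached command line."""
    listen, udp = [], None
    tokens = shlex.split(cmdline)
    for i, tok in enumerate(tokens):
        if tok.startswith("--") and "=" in tok:
            name, val = tok.split("=", 1)
        elif tok[:2] in ("-l", "-U") and len(tok) > 2:
            name, val = tok[:2], tok[2:]  # attached form, e.g. -U0
        else:
            name, val = tok, tokens[i + 1] if i + 1 < len(tokens) else ""
        if name in ("-l", "--listen"):
            listen += [a for a in val.split(",") if a]
        elif name in ("-U", "--udp-port") and val.isdigit():
            udp = int(val)
    return listen, udp


def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or wildcard: assume it is reachable


def audit(cmdline, udp_default=DEFAULT_PORT):
    """Flag a memcached instance whose UDP listener is bound beyond loopback.

    udp_default is an assumption: 11211 models builds that enable UDP unless
    told otherwise; pass 0 for builds that ship with UDP off.
    """
    listen, udp = parse_opts(cmdline)
    udp_port = udp_default if udp is None else udp
    # No -l option means memcached binds every interface.
    addrs = [a for a in (listen or ["0.0.0.0"]) if not is_loopback(a)]
    exposed = udp_port != 0 and bool(addrs)
    return {"exposed": exposed, "udp_port": udp_port, "addrs": addrs if exposed else []}


if __name__ == "__main__":
    # Constructed sample command lines, not taken from any real host.
    for s in ("memcached -u memcache -l 127.0.0.1", "memcached -u memcache -l 0.0.0.0"):
        print(audit(s), s)
```

A result of `exposed: True` only means the UDP listener is bound to a non-loopback address; whether it is reachable from the internet still depends on the firewall in front of the host.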
The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. The first portion of the attack peaked at 1.35Tbps via 126.9 million packets per second, and there was a second 400Gbps spike a little after 18:00 UTC.
Following the increase in inbound transit bandwidth to over 100Gbps, GitHub moved the traffic to Akamai, which provided additional edge network capacity. Akamai Prolexic also removed and blocked malicious data.
This is not the first time GitHub has been subject to an attack on a massive scale. In 2015, the software repository service faced a five-day attack, and the Chinese government was suspected to have a hand in it. In 2016, a cloud provider in France was subjected to a 1.1Tbps DDoS attack by the Mirai botnet.
GitHub said it is investigating the use of monitoring infrastructure to automate enabling DDoS mitigation providers. GitHub is also planning to expand its edge network and strive to identify and mitigate new attack vectors before they affect users' workflow.