
DDoS Blog

Cyber Security News

Massive Memcached DDoS Attacks Mark Largest Ever

March 10, 2018 By TheNewsTeam

Last week, code repository GitHub experienced the most powerful DDoS attack recorded to date at 1.35 Tbps. No botnet was required, and it used an increasingly popular DDoS method.

GitHub’s site was only down for 10 minutes, as it automatically called for help from its DDoS protection service, Akamai Prolexic, in the face of the massive assault. Prolexic took over the fight, routing all of GitHub’s incoming and outgoing traffic through its scrubbing centers to block the malicious packets while letting the legitimate traffic through. After 8 minutes, the attackers pulled back and the assault dropped off.

The closest previous attack in size was that launched on the Internet infrastructure company Dyn in late 2016 at 1.2 Tbps, which led to connectivity issues across the U.S.

“We modeled our capacity based on five times the biggest attack that the internet has ever seen,” Josh Shaul, vice president of web security at Akamai, told Wired. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”

Prolexic had only recently added specific provisions for mitigating DDoS attacks stemming from memcached servers. Only a few days earlier, on February 27th, Akamai and other security companies announced the discovery of this kind of reflection and amplification vector. At that time, Akamai had seen multiple attacks, but none larger than 190 Gbps; however, they noted the potential for much larger attacks.

On March 5th, only four days after the GitHub attack, Netscout Arbor confirmed that a 1.7 Tbps reflection/amplification attack was directed at a customer of a U.S.-based service provider. Its ATLAS global traffic and DDoS threat detection system identified the attack as based on “the same memcached reflection/amplification attack vector that made up the GitHub attack”. The service provider did not experience any outages, which, as Arbor pointed out, is a testament to the defense capacity the provider had in place.

Arbor noted the need for companies to ensure that their defense providers can mitigate attacks at this scale.

Filed Under: DDoS Case Studies, MemCached DDoS, Types of Attack Tagged With: Akamai, Amplification Attacks, Arbor Networks, GitHub, largest DDoS attack, MemCached DDoS, Prolexic
