On 28 February 2018, at about 17:21 UTC, GitHub, the largest hosting service for open-source code, went offline for about five minutes under a massive DDoS attack that peaked at 1.35 Tbps of inbound traffic.
What is a DDoS attack
DDoS stands for Distributed Denial of Service. A denial-of-service attack aims to stop legitimate users from reaching a particular machine or network, such as a website, by exhausting its capacity. In a plain DoS the traffic comes from a single computer; in a distributed DoS it comes from many machines at once, which multiplies the volume of requests by a huge factor. The attacker floods the victim with far more packets or requests than it can process, so the service stalls or becomes unreachable for as long as the flood lasts.
What makes this attack noteworthy
The attack on GitHub was no ordinary DDoS. It used a reflection and amplification technique that abuses memcached servers. Memcached is an in-memory cache that websites use to hold database query results and rendered pages so that repeat requests can be answered without recomputing them; it was never designed to be exposed to the internet. It requires no authentication of any kind, and at the time it listened on UDP port 11211 by default. Because UDP has no handshake, an attacker can send a small request with the victim's IP address forged as the source, and the server sends its reply to the victim instead of to the attacker. Since the server is unauthenticated, the attacker can even plant a large value first and then request it over and over. The responses are up to about 51,000 times larger than the requests that trigger them, which is how a modest amount of attacker bandwidth was amplified to 1.35 Tbps. The weakness had been discussed publicly before the attack, but few of the exposed servers had been locked down.
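To make the mechanism concrete, here is an added Python model of the exchange, written for this page; it is not GitHub's, Akamai's or memcached's code. The ToyMemcached class stands in for a server with UDP enabled and no authentication. The 8-byte UDP frame header follows the memcached protocol; the 1400-byte datagram size, the key name and the value sizes are assumptions chosen for the illustration. It shows both the planting of a large value and the spoofed "get" that turns it into a flood.

```python
"""Model of the memcached UDP reflection/amplification abused in the GitHub attack.

Added illustration, not GitHub's, Akamai's or memcached's code. ToyMemcached is a
toy stand-in for a memcached instance with UDP on and no authentication.
"""
from __future__ import annotations

import struct

HEADER_LEN = 8        # memcached UDP frame: request id, sequence no, datagram count, reserved
DATAGRAM_BODY = 1400  # assumed size memcached uses when splitting a large UDP reply


def frame(request_id: int, seq: int, total: int, body: bytes) -> bytes:
    """Prepend the 8-byte memcached UDP header to a datagram body."""
    return struct.pack("!HHHH", request_id, seq, total, 0) + body


def get_request(key: str, request_id: int = 1) -> bytes:
    """The tiny 'get' the attacker sends with the victim's address forged as source."""
    return frame(request_id, 0, 1, f"get {key}\r\n".encode())


def set_request(key: str, value: bytes, request_id: int = 1) -> bytes:
    """A 'set' the attacker can send first to plant a large value (no auth required)."""
    header = f"set {key} 0 0 {len(value)}\r\n".encode()
    return frame(request_id, 0, 1, header + value + b"\r\n")


class ToyMemcached:
    """Minimal stand-in for an exposed memcached: UDP on, no authentication."""

    def __init__(self) -> None:
        self.store: dict[str, bytes] = {}

    def handle(self, datagram: bytes) -> list[bytes]:
        """Return the datagrams the server sends back to the *claimed* source address.
        Nothing here checks that the source is genuine, which is the whole problem."""
        request_id = struct.unpack("!H", datagram[:2])[0]
        payload = datagram[HEADER_LEN:]
        line, _, rest = payload.partition(b"\r\n")
        parts = line.decode().split()
        if parts[0] == "set":
            key, size = parts[1], int(parts[4])
            self.store[key] = rest[:size]
            return [frame(request_id, 0, 1, b"STORED\r\n")]
        if parts[0] == "get":
            key = parts[1]
            if key not in self.store:
                return [frame(request_id, 0, 1, b"END\r\n")]
            value = self.store[key]
            body = f"VALUE {key} 0 {len(value)}\r\n".encode() + value + b"\r\nEND\r\n"
            # A large reply is split into many datagrams, each carrying its own header.
            chunks = [body[i:i + DATAGRAM_BODY] for i in range(0, len(body), DATAGRAM_BODY)]
            return [frame(request_id, i, len(chunks), c) for i, c in enumerate(chunks)]
        return [frame(request_id, 0, 1, b"ERROR\r\n")]


def amplification_factor(request: bytes, responses: list[bytes]) -> float:
    """Bytes the victim receives per byte the attacker had to send."""
    return sum(len(r) for r in responses) / len(request)


def simulate(value_size: int, key: str = "k") -> tuple[int, int, float]:
    """Plant a value of value_size bytes, then fire one spoofed 'get' at it.
    Returns (request bytes, response bytes, amplification factor)."""
    server = ToyMemcached()
    server.handle(set_request(key, b"A" * value_size))
    req = get_request(key)
    resp = server.handle(req)
    return len(req), sum(len(r) for r in resp), amplification_factor(req, resp)


if __name__ == "__main__":
    for size in (1_000, 100_000, 1_000_000):
        sent, received, factor = simulate(size)
        print(f"value {size:>9} B: attacker sends {sent} B, victim receives {received} B, x{factor:.0f}")
```

Running it shows that a 15-byte "get" for a planted 1 MB value makes the server emit roughly 1 MB toward whatever address the request claimed to come from, a ratio in the tens of thousands; the real-world figure of about 51,000 quoted above depends on the actual stored items and on per-packet overhead. For the server operator the fix is to run memcached with UDP disabled (`-U 0`), bound to a private interface (`-l`), and never reachable on port 11211 from the internet.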
What happened to GitHub
GitHub was fully unavailable for about five minutes and intermittently unreachable for roughly four more. GitHub stated that no data was compromised: the attack consumed bandwidth and connection capacity but never touched user data or confidential information. GitHub's DDoS mitigation is provided by Prolexic Technologies, a subsidiary of Akamai Technologies. Once the inbound traffic exceeded what GitHub's own edge could absorb, all traffic to and from GitHub was re-routed through Prolexic's scrubbing network, where Prolexic could inspect the traffic, tell the reflected memcached packets apart from legitimate requests, and drop them before they reached GitHub. About eight minutes after the re-routing, the attack tailed off.
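What "identifying the malicious sources" looks like in practice, as an added example that is not Prolexic's or GitHub's detection logic: the flow records below are constructed for this page, and their format (timestamp, protocol, src:port -> dst:port, bytes, packets) is an assumption, as are the addresses, which are documentation ranges. The detector aggregates unsolicited UDP traffic from source port 11211 toward the victim, reports which reflectors contribute the most, and measures what share of the victim's inbound bytes the flood represents.

```python
"""Spotting a memcached reflection flood in flow records.

Added example, not Akamai/Prolexic's or GitHub's detection logic. The flow lines
are constructed; the record format and the addresses are assumptions.
"""
from __future__ import annotations

from collections import defaultdict

MEMCACHED_PORT = 11211
VICTIM = "203.0.113.10"   # documentation address standing in for the attacked site

# Constructed flow records (assumed format: ts proto src:sport -> dst:dport bytes packets).
# Three exposed memcached servers reflect traffic at the victim; the other flows are normal,
# including one genuine memcached query between two unrelated hosts.
SAMPLE_FLOWS = """\
1519838460 UDP 198.51.100.7:11211 -> 203.0.113.10:443 1005746 715
1519838460 UDP 198.51.100.8:11211 -> 203.0.113.10:443 1005746 715
1519838460 UDP 198.51.100.9:11211 -> 203.0.113.10:443 1005746 715
1519838460 TCP 192.0.2.44:51234 -> 203.0.113.10:443 5120 12
1519838461 UDP 198.51.100.7:11211 -> 203.0.113.10:80 1005746 715
1519838461 UDP 192.0.2.99:53412 -> 192.0.2.100:11211 48 1
1519838461 TCP 192.0.2.45:40001 -> 203.0.113.10:22 900 6
"""


def parse_flow(line: str) -> dict:
    """Split one flow record into its fields."""
    ts, proto, src, _, dst, nbytes, npkts = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": int(ts), "proto": proto, "src": sip, "sport": int(sport),
            "dst": dip, "dport": int(dport), "bytes": int(nbytes), "packets": int(npkts)}


def is_memcached_reflection(flow: dict, victim: str) -> bool:
    """Reflected memcached traffic is UDP *from* port 11211 toward the victim.
    A genuine memcached query goes *to* port 11211 from an ephemeral port, and the
    victim here runs no memcached client, so any such inbound flow is unsolicited."""
    return (flow["proto"] == "UDP" and flow["sport"] == MEMCACHED_PORT
            and flow["dst"] == victim)


def analyse(flow_text: str, victim: str) -> dict:
    """Aggregate the flood per reflector and measure its share of the victim's inbound bytes."""
    per_reflector: dict[str, int] = defaultdict(int)
    reflected = inbound = 0
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow["dst"] != victim:
            continue
        inbound += flow["bytes"]
        if is_memcached_reflection(flow, victim):
            per_reflector[flow["src"]] += flow["bytes"]
            reflected += flow["bytes"]
    return {"reflectors": dict(sorted(per_reflector.items(), key=lambda kv: -kv[1])),
            "reflected_bytes": reflected,
            "inbound_bytes": inbound,
            "share": reflected / inbound if inbound else 0.0}


if __name__ == "__main__":
    report = analyse(SAMPLE_FLOWS, VICTIM)
    print(f"{report['share']:.1%} of inbound bytes are memcached reflections")
    for src, nbytes in report["reflectors"].items():
        print(f"  reflector {src}: {nbytes} bytes")
```

Note that the reflectors are misconfigured third-party servers, not the attacker, whose own address never appears because the source was spoofed. The durable upstream filter is therefore on the traffic pattern (UDP from source port 11211 toward your prefixes) rather than on a list of reflector addresses that changes with every wave.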
A week later the same technique was used in an even bigger attack on an unnamed US service provider, peaking at 1.7 Tbps according to Arbor Networks; the provider withstood it. With an amplification vector this powerful available to anyone, in a world where everything is connected to the internet, we are on the verge of a cyber war.