TECH GitHub Survived the Biggest DDoS Attack Ever Recorded
  1. #1
    Join Date
    May 2001
    Location
    Buffalo, NY
    Posts
    5,331

    GitHub Survived the Biggest DDoS Attack Ever Recorded

    I found this interesting, an attack of this proportion usually isn't overcome. Also, I've never heard of GitHub, will find out what it actually does after some short research.

    Michael

    For fair use education/research purposes.

    The link: https://www.wired.com/story/github-d...CNDID=50085893

    The article:

    GitHub Survived the Biggest DDoS Attack Ever Recorded
    By Lily Hay Newman

    On Wednesday, at about 12:15 pm EST, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required.

    GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.

    The scale of the attack has few parallels, but a massive DDoS that struck the internet infrastructure company Dyn in late 2016 comes close. That barrage peaked at 1.2 terabits per second and caused connectivity issues across the US as Dyn fought to get the situation under control.

    “We modeled our capacity based on five times the biggest attack that the internet has ever seen,” Josh Shaul, vice president of web security at Akamai, told WIRED hours after the GitHub attack ended. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”


    Real-time traffic from the DDoS attack.

    Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them and send them a special command packet that the server will respond to with a much larger reply.

    Unlike the formal botnet attacks used in large DDoS efforts, like against Dyn and the French telecom OVH, memcached DDoS attacks don't require a malware-driven botnet. Attackers simply spoof the IP address of their victim and send small queries to multiple memcached servers—about 10 per second per server—that are designed to elicit a much larger response. The memcached systems then return 50 times the data of the requests back to the victim.

    Known as an amplification attack, this type of DDoS has shown up before. But as internet service and infrastructure providers have seen memcached DDoS attacks ramp up over the last week or so, they've moved swiftly to implement defenses to block traffic coming from memcached servers.

    "Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators," says Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks who has been tracking the memcached attack trend. "Their sheer volume can have a negative impact on the ability of networks to handle customer internet traffic."

    The infrastructure community has also started attempting to address the underlying problem, by asking the owners of exposed memcached servers to take them off the internet, keeping them safely behind firewalls on internal networks. Groups like Prolexic that defend against active DDoS attacks have already added or are scrambling to add filters that immediately start blocking memcached traffic if they detect a suspicious amount of it. And if internet backbone companies can ascertain the attack command used in a memcached DDoS, they can get ahead of malicious traffic by blocking any memcached packets of that length.

    "We are going to filter that actual command out so no one can even launch the attack," says Dale Drew, chief security strategist at the internet service provider CenturyLink. And companies need to work quickly to establish these defenses. "We’ve seen about 300 individual scanners that are searching for memcached boxes, so there are at least 300 bad guys looking for exposed servers," Drew adds.

    Most of the memcached DDoS attacks CenturyLink has seen top out at about 40 to 50 gigabits per second, but the industry had been increasingly noticing bigger attacks up to 500 gbps and beyond. On Monday, Prolexic defended against a 200 gbps memcached DDoS attack launched against a target in Munich.

    Wednesday's onslaught wasn't the first time a major DDoS attack targeted GitHub. The platform faced a six-day barrage in March 2015, possibly perpetrated by Chinese state-sponsored hackers. The attack was impressive for 2015, but DDoS techniques and platforms—particularly Internet of Things–powered botnets—have evolved and grown increasingly powerful when they’re at their peak. To attackers, though, the beauty of memcached DDoS attacks is there's no malware to distribute, and no botnet to maintain.

    The web monitoring and network intelligence firm ThousandEyes observed the GitHub attack on Wednesday. "This was a successful mitigation. Everything transpired in 15 to 20 minutes," says Alex Henthorne-Iwane, vice president of product marketing at ThousandEyes. "If you look at the stats you’ll find that globally speaking DDoS attack detection alone generally takes about an hour plus, which usually means there’s a human involved looking and kind of scratching their head. When it all happens within 20 minutes you know that this is driven primarily by software. It’s nice to see a picture of success."

    GitHub continued routing its traffic through Prolexic for a few hours to ensure that the situation was resolved. Akamai's Shaul says he suspects that attackers targeted GitHub simply because it is a high-profile service that would be impressive to take down. The attackers also may have been hoping to extract a ransom. "The duration of this attack was fairly short," he says. "I think it didn’t have any impact so they just said that’s not worth our time anymore."

    Until memcached servers get off the public internet, though, it seems likely that attackers will give a DDoS of this scale another shot.
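
As an added example (not part of the article or of this thread), here is a sketch of the kind of filter the article describes, one that reacts when it sees "a suspicious amount" of memcached traffic: it flags a destination when inbound UDP traffic sourced from the memcached port exceeds a rate threshold within a time window. Port 11211 is memcached's default and UDP is the transport these reflections used; the flow records, window and threshold are constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211      # memcached's default port (not stated in the article)
WINDOW_SECONDS = 10         # assumed bucketing window
THRESHOLD_BPS = 1_000_000   # assumed alert threshold, bits per second

# Constructed flow records: (timestamp_s, src_ip, src_port, dst_ip, proto, bytes)
SAMPLE_FLOWS = [
    (100, "198.51.100.10", 11211, "203.0.113.5", "udp", 700_000),
    (101, "198.51.100.11", 11211, "203.0.113.5", "udp", 650_000),
    (103, "198.51.100.12", 11211, "203.0.113.5", "udp", 720_000),
    (104, "192.0.2.44", 443, "203.0.113.5", "tcp", 900_000),     # ordinary web traffic
    (105, "198.51.100.10", 11211, "203.0.113.9", "udp", 1_200),  # tiny, below threshold
    (112, "198.51.100.13", 11211, "203.0.113.5", "udp", 400_000),
]


def detect_memcached_reflection(flows, window=WINDOW_SECONDS,
                                threshold_bps=THRESHOLD_BPS):
    """Return alerts for destinations flooded by UDP replies from port 11211.

    Each alert is (window_start, dst_ip, bits_per_second, distinct_reflectors).
    """
    volume = defaultdict(int)      # (window_start, dst) -> bytes received
    reflectors = defaultdict(set)  # (window_start, dst) -> source IPs seen
    for ts, src, sport, dst, proto, nbytes in flows:
        # Reflected replies arrive *from* the memcached port over UDP.
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue
        key = (ts - ts % window, dst)
        volume[key] += nbytes
        reflectors[key].add(src)

    alerts = []
    for (start, dst), nbytes in sorted(volume.items()):
        bps = nbytes * 8 / window
        if bps >= threshold_bps:
            alerts.append((start, dst, bps, len(reflectors[(start, dst)])))
    return alerts


if __name__ == "__main__":
    for start, dst, bps, n in detect_memcached_reflection(SAMPLE_FLOWS):
        print(f"t={start}s dst={dst} {bps / 1e6:.2f} Mbit/s from {n} reflectors")
```

Counting distinct source addresses alongside the rate helps separate a reflection flood, which arrives from many servers at once, from a single misconfigured cache client.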

  2. #2
    It's probably to be expected since some of the Q anon stuff is hosted over there. If you ever needed a hint to know if the Q posts are legit, all you need to do is look at the attacks against every site where Q stuff is/has been posted.
    Last edited by susie0884; 03-07-2018 at 10:00 AM.

  3. #3
    Join Date
    May 2001
    Location
    Buffalo, NY
    Posts
    5,331
    Quote Originally Posted by susie0884 View Post
    It's probably to be expected since some of the Q anon stuff is posted there. If you ever needed a hint to know if the Q posts are legit, all you need to do is look at the attacks against every site where Q stuff is/has been posted.
    Well now, that makes a great deal of sense, thanks for the info susie0884. Every tidbit adds a little more information.

    Michael

  4. #4
    Join Date
    Sep 2005
    Posts
    12,997
    Quote Originally Posted by susie0884 View Post
    It's probably to be expected since some of the Q anon stuff is posted there. If you ever needed a hint to know if the Q posts are legit, all you need to do is look at the attacks against every site where Q stuff is/has been posted.
    My first thought. V

  5. #5
    Join Date
    Sep 2007
    Location
    Seattle
    Posts
    28,392
    NSA

  6. #6
    Join Date
    May 2001
    Location
    yankee baptist land
    Posts
    16,606
    Quote Originally Posted by vessie View Post
    My first thought. V
    Likewise. If you are getting flak, you are over the target
    “Watch ye therefore and pray always that ye may be accounted worthy to escape all these things that shall come to pass and to stand before the Son of Man”
    Luke 21:36

    COLLAPSE NOW: avoid the rush

  7. #7
    ^^^Glad my intuition runs in the same channel as everyone else’s, here.

  8. #8
    It was a powerful attack. Thank God it was resolved.

  9. #9
    Join Date
    Jul 2002
    Location
    U.S.A.
    Posts
    3,513
    As a developer, we use GitHub all the time.


    HB
    "The national budget must be balanced. The public debt must be reduced; the arrogance of the authorities must be moderated and controlled. Payments to foreign governments must be reduced, if the nation doesn't want to go bankrupt. People must again learn to work, instead of living on public assistance."
    Cicero, 55 BC
    Roman author, orator, & politician (106 BC - 43 BC)
    "The more things change, the more they stay the same." -- popular cliché

  10. #10
    Yesterday there was a lot of exposure of a link to GitHub with the QAnon stuff with a specific post about a forthcoming HRC video... x rated. We'll see. Then the DDoS attack started.

  11. #11
    Join Date
    May 2001
    Location
    Illinois
    Posts
    20,632
    Might be wise to archive some of the crucial material, lest it disappear completely.
    "Freedom is not something to be secured in any one moment of time. We must struggle to preserve it every day. And freedom is never more than one generation away from extinction."
    -Ronald Reagan

  12. #12
    Quote Originally Posted by Sleeping Cobra View Post
    NSA
    Actually the Clowns in America and their varied associates would be the more likely attackers. The NSA would be more likely to protect it.

  13. #13
    Join Date
    Dec 1997
    Location
    State of Missouri
    Posts
    15,636
    Quote Originally Posted by susie0884 View Post
    It's probably to be expected since some of the Q anon stuff is hosted over there. If you ever needed a hint to know if the Q posts are legit, all you need to do is look at the attacks against every site where Q stuff is/has been posted.
    Are you sure about that? Posted at GitHub?
    "People are best convinced by reasons they discover on their own."

    "The next 20 years are going to be completely unlike the last 20 years." - Chris Martenson (The New 2014 Crash Course)

  14. #14
    Join Date
    Mar 2009
    Location
    A Socialist State
    Posts
    17,092
    btt
    Don't just go to church. BE THE CHURCH!

  15. #15
    Join Date
    Mar 2003
    Location
    Georgia
    Posts
    2,789
    Quote Originally Posted by susie0884 View Post
    It's probably to be expected since some of the Q anon stuff is hosted over there. If you ever needed a hint to know if the Q posts are legit, all you need to do is look at the attacks against every site where Q stuff is/has been posted.




    Has Q tried to communicate on the "Second Life" virtual reality program recently? The reason I ask is that SL suffered the biggest DDOS attack in its history one week ago for some reason or another. It took Linden Labs (who owns the SL program) about two whole days to completely overcome that attack last week. I know this for a fact as I am a member of SL and usually log in there at least once per day on most days. I had a lot of difficulty even logging in last week and I also had difficulty staying online even after I logged in there.

  16. #16
    Quote Originally Posted by Kris Gandillon View Post
    Are you sure about that? Posted at GitHub?
    Yes, the main Q anon post list used to be right here:

    https://qcodefag.github.io/
    But not likely to die free
