GitHub describes 1.3Tbit/s DDoS attack via memcached servers

GitHub was down for nine minutes this week due to a massive DDoS attack that fired 1.3Tbit/s of data traffic at its servers. Traffic was diverted to Akamai, which calls it the biggest DDoS the company has had to endure to date.

The attack reached GitHub on Wednesday and was so intense that the site was immediately unreachable. The DDoS came from thousands of autonomous systems, which fired 126.9 million data packets at the servers for a total bandwidth of 1.35Tbit/s. Five minutes after the start of the DDoS, GitHub's infrastructure automatically decided to route traffic through Akamai's Prolexic network, which is more resistant to attacks of this magnitude. Nine minutes after the start of the attack, GitHub was available again.

According to Akamai, it was the largest attack it has faced to date, with more than double the traffic of a 2016 Mirai botnet attack. The attack also appears to be larger than the one against DNS provider Dyn, which also took place via the Mirai botnet in 2016 and generated 1.2Tbit/s of data traffic.

The attack on GitHub was a so-called memcached attack. Akamai described these types of attacks last month. The memcached protocol is intended for caching data to offload disks and databases. Memcached servers are not intended to be reachable over the Internet, and no authentication is required to access them. However, tens of thousands of memcached systems are currently accessible via the Internet, making them vulnerable.

Attackers can spoof the source IP address of UDP traffic and send requests to the memcached systems. The servers' responses are larger than the requests and, because of the spoofing, are delivered to the target's site rather than to the attacker. These are so-called reflection and amplification attacks, and Akamai expects attackers to target memcached more often.
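For operators who want to know whether one of their own memcached servers is being used as a reflector, the sketch below (an added example, not from Akamai or GitHub) totals UDP request and response bytes per outside address and flags exchanges where the replies dwarf the requests. The flow-record format, the sample records, the 10.0.0.0/8 internal range and the ratio threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MEMCACHED_PORT = 11211                         # memcached's default port
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: our own address space

# Constructed flow records: proto src_ip src_port dst_ip dst_port bytes
SAMPLE_FLOWS = """\
udp 198.51.100.7 40211 10.0.0.5 11211 15
udp 10.0.0.5 11211 198.51.100.7 40211 51200
udp 198.51.100.7 40212 10.0.0.5 11211 15
udp 10.0.0.5 11211 198.51.100.7 40212 48900
udp 203.0.113.20 41000 10.0.0.5 11211 40
udp 10.0.0.5 11211 203.0.113.20 41000 80
tcp 10.0.0.9 51000 10.0.0.5 11211 120
udp 10.0.0.9 53000 10.0.0.5 11211 30
udp 10.0.0.5 11211 10.0.0.9 53000 60
"""

def find_reflection(flow_text, min_ratio=10.0):
    """Return (server, claimed_source, bytes_in, bytes_out, ratio) tuples for
    UDP memcached exchanges with outside addresses whose replies are at least
    min_ratio times larger than the requests that triggered them."""
    bytes_in = defaultdict(int)    # (server, peer) -> request bytes received
    bytes_out = defaultdict(int)   # (server, peer) -> response bytes sent
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "udp":
            continue  # reflection relies on UDP; skip TCP and malformed lines
        _, src, sport, dst, dport, size = fields
        if int(dport) == MEMCACHED_PORT:
            bytes_in[(dst, src)] += int(size)
        elif int(sport) == MEMCACHED_PORT:
            bytes_out[(src, dst)] += int(size)
    findings = []
    for (server, peer), sent in bytes_out.items():
        if ipaddress.ip_address(peer) in INTERNAL:
            continue  # internal cache clients are expected traffic
        received = bytes_in.get((server, peer), 0)
        ratio = sent / max(received, 1)
        if ratio >= min_ratio:
            findings.append((server, peer, received, sent, round(ratio, 1)))
    return sorted(findings, key=lambda f: f[3], reverse=True)

if __name__ == "__main__":
    for server, peer, rx, tx, ratio in find_reflection(SAMPLE_FLOWS):
        print(f"{server} sent {tx} B to {peer} for {rx} B of requests ({ratio}x)")
```

The "peer" in a finding is the spoofed victim address, not the attacker. Any UDP memcached exchange with an outside address, flagged or not, also means the server is reachable from the Internet, which is the exposure described above.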
