DDoS denial of service attack against GitHub

Distributed denial-of-service (DDoS) attack

Yesterday, March 1, 2018, saw what has so far been the biggest DDoS in history. This time the target wasn't the Trump or BBC website, as has happened on other occasions after one of those statements by the President of the United States that start a flame war. This time the attack was directed at GitHub.

Let's take it step by step, for those of you who have no idea who the GitHub folks are and for those who don't know what a distributed denial of service is. Then we'll get on with the news.

GitHub

GitHub is an open source repository for developers. If you are a developer (it used to be called «programmer», but we are very 2.0 now) and you want the code you write to be available to the world so that it can be reused and other developers don't have to write the same thing again, or if you have a project based on free software, or you simply want the community to help you review your code, you can sign up on GitHub. The site brings together a lot of free software projects that you can review, modify or run. And of course it is one of the highest-traffic services on the Internet: millions of visits every day to upload new code, update existing code, back up a project even if it isn't public, or download some development. And all of this for free. Free software is the bomb, right? We'll talk more calmly another day about what free software is and why I have the Linux penguin (Tux) tattooed on my back… literally.

What is a denial of service?

As its name indicates, a denial of service consists of making so many requests to a server that we reach the maximum number of connections the server allows, or consume the entire bandwidth of its Internet connection, so that real users are unable to connect to it. It's like leaving your Wi-Fi with its default key (even though we have already discussed how dangerous that is) and having half the neighborhood connected to it, so everything is very slow. It is mainly used as a protest when a service changes its policy or someone makes some creepy statements (what we said before about Trump).

There are two types of denial-of-service attack. A DoS (Denial of Service) is when an attacker has more bandwidth than you and simply makes many requests from their computer until yours stops responding, either because it has no resources left or because all of its bandwidth is being consumed. A DDoS (Distributed Denial of Service) is when an attacker controls a lot of computers or devices connected to the Internet that all make requests to your server together, so it doesn't matter how much bandwidth you have: between them, the attacking machines have more than you. It is the most common attack today because of the number of computers connected to the Internet with some kind of malware or Trojan installed without the owner knowing, simply waiting for the attacker's orders. These two images, which I use in my courses when I talk about this, will make it very clear. The first image is a DoS and the second is a DDoS:

And now that the concepts are clear, let's get back to the news.

DDoS against GitHub

GitHub suffered this kind of attack yesterday, with a total bandwidth of 1.35 Tbps (terabits per second)!!! What does this figure mean? To give you an idea, at home I have a 50 Mbps connection from Vodafone… 1.35 Tbps is equal to about 1,415,577 Mbps, that is, as if an attacker could synchronize 28,311 connections like mine to attack the same service all at once. Brutal.

However, this attack was not carried out using domestic connections. Instead, the bad guy managed to synchronize 100,000 memcache servers connected to the Internet to send GitHub data they already held in cache, that is, data that had already been sent to GitHub and was kept in memory in case it had to be sent again, which saves the work of loading it into memory a second time. So what the bad guy did was tell these servers to send GitHub, all over again, all the code they had already sent at the time. Can you imagine the sheer volume of data behind that 1.35 Tbps?

The surprising thing about this story is not that it is the biggest attack we have seen so far (which it is), but that GitHub, in less than 10 minutes, managed to separate the good traffic from the bad, reject all traffic from those 100,000 memcache servers at its firewalls, and divert traffic to traffic-filtering services such as Akamai (a service that exists precisely for this: it can distinguish the traffic of real users from the traffic of attackers and forward only the good traffic to the company's real servers).
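The triage described above (split reflected memcache traffic from real users, block it at the firewall, or divert upstream when the link itself is full), as an added example that is not from the original post or from GitHub's tooling. It assumes the reflected traffic arrives as UDP from memcached's default port 11211, a detail this post does not state; the flow records, the `classify` and `should_divert` names and the 80 % threshold are constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption, not stated in the post)
WINDOW_S = 10           # length of the capture window in seconds (constructed)

# Constructed flow records: (src_ip, src_port, dst_port, protocol, bytes in window).
FLOWS = [
    ("198.51.100.7", 11211, 443, "udp", 50_000_000),  # reflected memcache reply
    ("198.51.100.7", 11211, 443, "udp", 25_000_000),
    ("203.0.113.20", 11211, 80, "udp", 50_000_000),
    ("192.0.2.15", 51514, 443, "tcp", 1_250_000),     # ordinary HTTPS client
    ("192.0.2.99", 40000, 22, "tcp", 2_500_000),      # git over SSH
    ("192.0.2.44", 11211, 443, "tcp", 1_250_000),     # TCP client that merely drew port 11211
]

def mbps(nbytes, window_s):
    """Convert a byte count observed over window_s seconds to megabits per second."""
    return nbytes * 8 / window_s / 1e6

def classify(flows, window_s=WINDOW_S):
    """Separate reflected memcache traffic (UDP, source port 11211) from the rest."""
    bad = defaultdict(int)
    good = 0
    for src_ip, src_port, _dst_port, proto, nbytes in flows:
        if proto == "udp" and src_port == MEMCACHED_PORT:
            bad[src_ip] += nbytes
        else:
            good += nbytes
    return {
        "reflectors": {ip: mbps(b, window_s) for ip, b in sorted(bad.items())},
        "attack_mbps": mbps(sum(bad.values()), window_s),
        "legit_mbps": mbps(good, window_s),
    }

def should_divert(report, link_mbps, threshold=0.8):
    """True when attack traffic alone nearly fills the link: a firewall behind a
    saturated link cannot help, so traffic has to be filtered upstream."""
    return report["attack_mbps"] >= threshold * link_mbps

if __name__ == "__main__":
    report = classify(FLOWS)
    print(report)
    print("divert on 50 Mbps link:", should_divert(report, 50))
    print("divert on 1000 Mbps link:", should_divert(report, 1000))
```

On the 50 Mbps home connection used as the yardstick earlier, the sample attack traffic already exceeds the link, which is why blocking the reflectors locally is not enough on its own.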

The problem with this kind of attack is that we can't do much to prevent it. GitHub managed to stop it because they were prepared for such attacks, surely from experience (and from a good risk analysis), so they already had the right firewalls and a contract with the traffic-filtering company. But what if someone decided to attack our company or website? We certainly couldn't do much to avoid it. In fact, with the money you have in your wallet right now (for me it already feels like the end of the month, and yes, I know it's only the 2nd), with just 20 or 30 €, it would be possible to hire on the Darkweb (which we have already talked about) a network of infected machines that would attack any company we know for 24 hours. Can you imagine your competition deciding to attack you just as you are presenting a new product? The impact could make the whole product launch campaign fail! So we must be prepared and invest in a good infrastructure of servers, firewalls and so on when our business depends on their availability.

GitHub report: https://githubengineering.com/ddos-incident-report/

Carlos Sahuquillo
