Graph from Akamai showing inbound traffic, in bits per second, that reached their edge. The first portion of the attack peaked at 1.35Tbps, and a second 400Gbps spike appeared a little after 18:00 UTC. (Source: GitHub)
On February 28th, Akamai reports experiencing a 1.3 Tbps DDoS attack against its customer GitHub. According to Akamai, the incident was the largest attack seen to date, “more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed.” Companies such as Cloudflare have recently warned about an increasing number of such amplification attacks using distributed memory caching system (memcached) servers, and both Cloudflare and Akamai warn that this exploit has the potential to be quite significant because of its capability to drastically amplify an attack.
Akamai reports: “Many other organizations have experienced similar reflection attacks since Monday, and we predict many more, potentially larger attacks in the near future. Akamai has seen a marked increase in scanning for open memcached servers since the initial disclosure. Because of its ability to create such massive attacks, it is likely that attackers will adopt memcached reflection as a favorite tool rapidly. Additionally, as lists of usable reflectors are compiled by attackers, this attack method’s impact has the potential to grow significantly. The good news is that providers can rate limit traffic from source port 11211 and prevent traffic from entering and exiting their networks, but this will take time.”
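The rate limiting Akamai mentions can be pictured as a token-bucket policer applied only to UDP traffic arriving from source port 11211. The sketch below is an added example, not code from Akamai, GitHub or this article; the rate, burst size and sample traffic are constructed assumptions.

```python
from dataclasses import dataclass

MEMCACHED_PORT = 11211  # source port named in the Akamai quote above


@dataclass
class Packet:
    ts_ms: int      # arrival time, milliseconds
    proto: str      # "udp" or "tcp"
    src_port: int
    size: int       # bytes


class TokenBucket:
    """Byte-based policer: rate in bytes per millisecond, burst in bytes."""

    def __init__(self, rate: int, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, ts_ms: int, size: int) -> bool:
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (ts_ms - self.last) * self.rate)
        self.last = ts_ms
        if size > self.tokens:
            return False
        self.tokens -= size
        return True


def police(packets, rate=10, burst=3000):
    """Return (forwarded_bytes, dropped_bytes). Only UDP sourced from
    port 11211 is policed; rate and burst are assumed values."""
    bucket = TokenBucket(rate, burst)
    forwarded = dropped = 0
    for p in sorted(packets, key=lambda p: p.ts_ms):
        limited = p.proto == "udp" and p.src_port == MEMCACHED_PORT
        if limited and not bucket.allow(p.ts_ms, p.size):
            dropped += p.size
        else:
            forwarded += p.size
    return forwarded, dropped


# Constructed sample: one second of 1400-byte reflected responses every 10 ms,
# mixed with unrelated UDP/53 and TCP/443 traffic that must pass untouched.
SAMPLE = [Packet(i * 10, "udp", MEMCACHED_PORT, 1400) for i in range(100)]
SAMPLE += [Packet(i * 100, "udp", 53, 120) for i in range(10)]
SAMPLE += [Packet(i * 100, "tcp", 443, 1000) for i in range(10)]

if __name__ == "__main__":
    print(police(SAMPLE))
```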
this was not a sustained (continuous) attack. it might have forced a reboot or two. what is the point in that? to do a test and let Akamai report back what peak they achieved?
port 11211? as soon as this port and maybe a few others get well blocked, attackers will figure out how to randomize it. randomization is probably of only minor value, anyway. just having a few ports in the attack can make blocking it so much harder