Github able to withstand a massive DDoS

OP: https://www.wired.com/story/github-ddos-memcached/

 

Using memcached servers, allegedly Chinese state-sponsored hackers were able to launch a massive DDoS attack on the GitHub servers, with over 1Tbps of load. When GitHub realized this, they relayed all the traffic to their DDoS mitigation service with Akamai Tech.

 

The whole attack lasted between 15-20 minutes. ThousandEyes was able to determine that the traffic payload was over 1.3 Tbps.

 

Quote

Wow!

Known as an amplification attack, this type of DDoS has shown up before. But as internet service and infrastructure providers have seen memcached DDoS attacks ramp up over the last week or so, they've moved swiftly to implement defenses to block traffic coming from memcached servers.

"Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators," says Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks who has been tracking the memcached attack trend. "Their sheer volume can have a negative impact on the ability of networks to handle customer internet traffic."

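Added example, not part of the original post or the quoted article: a defender-side triage of flow records for the memcached reflection traffic described above, reporting the reflected volume in bits per second. The flow-record layout, the sample records and the function names are constructed for illustration, and UDP port 11211 is memcached's default port, which the thread itself does not state.

```python
"""Defensive triage of flow records for memcached reflection traffic."""
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption; not stated in the thread)

# Constructed sample flow records using documentation IP ranges. Columns:
# start_s end_s proto src_ip src_port dst_ip dst_port bytes
SAMPLE_FLOWS = """\
1000 1010 udp 198.51.100.7 11211 203.0.113.10 44321 1250000000
1000 1010 udp 198.51.100.9 11211 203.0.113.10 51200 3000000000
1000 1010 tcp 192.0.2.44 52100 203.0.113.10 443 900000
1002 1010 udp 192.0.2.53 53 203.0.113.10 40000 4200
1005 1010 udp 198.51.100.7 11211 203.0.113.10 44999 1250000000
this line is malformed and is skipped
"""

FIELDS = ("start", "end", "proto", "src", "sport", "dst", "dport", "bytes")
INT_FIELDS = ("start", "end", "sport", "dport", "bytes")


def parse_flows(text):
    """Yield one dict per well-formed flow line; skip anything malformed."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        try:
            for key in INT_FIELDS:
                rec[key] = int(rec[key])
        except ValueError:
            continue
        yield rec


def is_memcached_reflection(rec):
    """Reflected replies come *from* UDP 11211 on the reflector to the victim."""
    return rec["proto"] == "udp" and rec["sport"] == MEMCACHED_PORT


def summarize(flows, protected_ip):
    """Total reflected volume toward protected_ip, in bits per second."""
    per_reflector = defaultdict(int)
    first = last = None
    for rec in flows:
        if rec["dst"] != protected_ip or not is_memcached_reflection(rec):
            continue
        per_reflector[rec["src"]] += rec["bytes"]
        first = rec["start"] if first is None else min(first, rec["start"])
        last = rec["end"] if last is None else max(last, rec["end"])
    total_bytes = sum(per_reflector.values())
    seconds = max(last - first, 1) if per_reflector else 1
    bps = total_bytes * 8 / seconds  # bytes -> bits: Tbps/Gbps count bits, not bytes
    ranked = sorted(per_reflector.items(), key=lambda kv: kv[1], reverse=True)
    return {"reflectors": ranked, "bits_per_second": bps, "gbps": bps / 1e9}


if __name__ == "__main__":
    report = summarize(parse_flows(SAMPLE_FLOWS), "203.0.113.10")
    print(f"{report['gbps']:.1f} Gbps reflected from UDP/{MEMCACHED_PORT}")
    for ip, nbytes in report["reflectors"]:
        print(f"  {ip}  {nbytes} bytes")
```

The ranked reflector list is what an operator would hand to an upstream provider or use to build a drop rule for UDP source port 11211 toward the protected address.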

Just a note, it should be Tbps not TB.

Little b = bits per second

Big B = Bytes per second

 

 

On topic:

I can definitely see these types of attacks getting more frequent and more powerful over the next several years. Going to take a lot of careful planning to be able to stop them swiftly without impacting user experience as well.


While quite impressive....fucking incredible actually....but no one seems to mention the fact that the ISPs were able to handle such a large amount of traffic.


2 minutes ago, Lurick said:

Just a note, it should be Tbps not TB.

Little b = bits per second

Big B = Bytes per second

 

 

On topic:

I can definitely see these types of attacks getting more frequent and more powerful over the next several years. Going to take a lot of careful planning to be able to stop them swiftly without impacting user experience as well.

Thanks, just fixed the TBPS to Tbps. Thanks for that correction. 


Honestly at this point, I am wondering why we haven't started cutting off China and Russian internet from the rest of the world internet, sure, it wouldn't completely block them out, but it would drastically reduce the amount of bandwidth that they are able to utilize to attack us with and quite frankly, they simply aren't going to be responsible on how they use the Internet. It has already gotten to a point that anytime you started up a new Virtual Server on Linode, OVH, or DigitalOcean, you'll almost always see an attack coming from China or Russia trying to log into your VM Server via SSH and sometimes they would try to DDOS your server as a ransom and drive up your internet usage bills.


A shame no insurance companies will provide insurance for DDOS.


As silly as I find this news article to be, does anyone actually believe it's coming from China?

It's not even funny how easy it is to rent these services from across the globe, and don't get me started on how unsafe the electronics are in China. Literally you can get some random college student and have them hack some random uninvolved user in China and use their IP for all sorts of shit.

They have like almost no protection in mind when it comes to manufacturing electronics. It's build, push it out, and build more with no thought on security. 


8 minutes ago, Zodiark1593 said:

A shame no insurance companies will provide insurance for DDOS.

It's an untraceable attack that can happen from literally anywhere in the world at any time and are constant. Insurance is really meant for emergencies or catastrophes. If insurance did cover DDOS they would literally be draining money constantly.


35 minutes ago, FreeDev said:

Honestly at this point, I am wondering why we haven't started cutting off China and Russian internet from the rest of the world internet, sure, it wouldn't completely block them out, but it would drastically reduce the amount of bandwidth that they are able to utilize to attack us with and quite frankly, they simply aren't going to be responsible on how they use the Internet. It has already gotten to a point that anytime you started up a new Virtual Server on Linode, OVH, or DigitalOcean, you'll almost always see an attack coming from China or Russia trying to log into your VM Server via SSH and sometimes they would try to DDOS your server as a ransom and drive up your internet usage bills.

I wonder why we haven't cut USA from internet yet either, would have a lot less bullsh*t all over the place...

 

See? same argument.

 

6 minutes ago, Bcat00 said:

As silly as I find this news article to be, does anyone actually believe it's coming from China?

It's not even funny how easy it is to rent these services from across the globe, and don't get me started on how unsafe the electronics are in China. Literally you can get some random college student and have them hack some random uninvolved user in China and use their IP for all sorts of shit.

They have like almost no protection in mind when it comes to manufacturing electronics. It's build, push it out, and build more with no thought on security. 

Usually it's "farms". For example, the YouTube and Instagram or Twitter followers you can buy for nothing, it's actually a bunch of accounts they made and manually follow you. You can find some articles around, the homemade ones are shops with hundreds of phones on a wall and the worker just taps the follow button each time somebody pays. Sure they now use bots but still.

Does it come from China and such? Probably up to a certain point, yes. It's just a lot more difficult to do from here I guess?


1 minute ago, The Viking said:

I wonder why we haven't cut USA from internet yet either, would have a lot less bullsh*t all over the place...

 

See? same argument.

 

Usually it's "farms". For example, the YouTube and Instagram or Twitter followers you can buy for nothing, it's actually a bunch of accounts they made and manually follow you. You can find some articles around, the homemade ones are shops with hundreds of phones on a wall and the worker just taps the follow button each time somebody pays. Sure they now use bots but still.

Does it come from China and such? Probably up to a certain point, yes. It's just a lot more difficult to do from here I guess?

So you're perfectly fine with getting DDOS'd day in and day out anytime China DDOSer feels like it? Hmm ok.

 

I think countries should have privileges taken away on the Internet if they don't do anything to regulate on how Internet should be used. China already has the Great Firewall of China set up and yet they won't regulate it.


Just now, FreeDev said:

So you're perfectly fine with getting DDOS'd day in and day out anytime China DDOSer feels like it? Hmm ok.

You make it sound like the western world doesn't DDOS people lol

The US is infamous in the Eastern world for spying and sabotage, you don't see that get thrown around in American news now do you?


Just now, Bcat00 said:

You make it sound like the western world doesn't DDOS people lol

The US is infamous in the Eastern world for spying and sabotage, you don't see that get thrown around in American news now do you?

this

 


Just now, FreeDev said:

You realize that we arrest DDOSers in Western countries, right?

 

https://www.securityweek.com/dozens-teens-arrested-over-ddos-attacks

 

I don't find anything like that in China/Russia.

And so what if they get arrested? Doesn't mean they don't do it. Asian countries arrest people for DDOS too, just government don't care or have the resources to track it down.

Come on man, you are just fighting a losing battle here


Just now, Bcat00 said:

And so what if they get arrested? Doesn't mean they don't do it. Asian countries arrest people for DDOS too, just government don't care or have the resources to track it down.

Come on man, you are just fighting a losing battle here

You treat a discussion as a competition, so you've already lost when you just toss away arguments without sourcing it. Anyway, I've concluded that no valid discussion can be had on this forum which is sad.


1 minute ago, FreeDev said:

You treat a discussion as a competition, so you've already lost when you just toss away arguments without sourcing it. Anyway, I've concluded that no valid discussion can be had on this forum which is sad.

What do you expect when you write something so silly?


Now the real question is, why would you ddos GitHub? Don't they just have free software made by random devs? 

 

The article doesn't mention much behind the reason of the attack, just the way they managed to divert it.

 

Quote

“We modeled our capacity based on five times the biggest attack that the internet has ever seen,” Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. “So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”

Can I have some of that bandwidth please? :D


1 hour ago, FreeDev said:

You treat a discussion as a competition, so you've already lost when you just toss away arguments without sourcing it. Anyway, I've concluded that no valid discussion can be had on this forum which is sad.

Whenever it involves the US here people seem to love getting in tinfoil hat arguments that only the evil US ever spies or interferes with anyone.

1 hour ago, Bcat00 said:

What do you expect when you write something so silly?

How was it silly when they posted links for proof? The west actually takes ddos-ing seriously, no need to add whataboutism and make it a competition.


Damn that's incredible, also yay for China, proving once again they can't be trusted to have access to the global porn sharing network


3 hours ago, FreeDev said:

So you're perfectly fine with getting DDOS'd day in and day out anytime China DDOSer feels like it? Hmm ok.

 

I think countries should have privileges taken away on the Internet if they don't do anything to regulate on how Internet should be used. China already has the Great Firewall of China set up and yet they won't regulate it.

You don't get it...

 

The strongest attacks are government sanctioned. You want to punish the people for the acts of their government with methods that cannot affect the government itself. Good luck preventing the Chinese government from launching its own ddos attacks. 

 

Regulating internet traffic on a country by country level without clear universal law on what is and isn't acceptable use is the best ticket you could hand to endorsing the suppression of free speech and censorship of the population.


9 hours ago, FreeDev said:

Honestly at this point, I am wondering why we haven't started cutting off China and Russian internet from the rest of the world internet, sure, it wouldn't completely block them out, but it would drastically reduce the amount of bandwidth that they are able to utilize to attack us with and quite frankly, they simply aren't going to be responsible on how they use the Internet. It has already gotten to a point that anytime you started up a new Virtual Server on Linode, OVH, or DigitalOcean, you'll almost always see an attack coming from China or Russia trying to log into your VM Server via SSH and sometimes they would try to DDOS your server as a ransom and drive up your internet usage bills.

It should work both ways then as western countries are attacking eastern countries as well. You just don’t hear about it in the West because West is always right and rest of the world is wrong. Good guys vs bad guys mentality basically. Extremely wrong approach since western countries are far from good guys, but I'll leave it like this before I get too political. :D


I'm really interested what these mitigation services do with the data? I mean they can't just make it disappear so they have to send it somewhere and I highly doubt they've got the bandwidth or infrastructure in their internal network to just sinkhole 1Tbps of data stream.

 

Maybe they have? I genuinely don't know?


12 minutes ago, Master Disaster said:

I'm really interested what these mitigation services do with the data? I mean they can't just make it disappear so they have to send it somewhere and I highly doubt they've got the bandwidth or infrastructure in their internal network to just sinkhole 1Tbps of data stream.

 

Maybe they have? I genuinely don't know?

 

The big DDoS protection providers actually do have immense bandwidth capabilities.

 

Quote

The worldwide distribution and massive scale of the Akamai Intelligent Platform™ enables Web sites to stay available without re-routing traffic or impacting performance. Akamai handles over 20Tbps of traffic daily on average and has handled peak traffic flows of over 36Tbps. DDoS mitigation capabilities are implemented natively in path so protection is provided only one network hop from the point of request—NOT at the customer origin.

https://www.akamai.com/us/en/resources/protect-against-ddos-attacks.jsp

 

Quote

Comprehensive DDoS protection capabilities

To provide enterprises with superior DDoS protection, Kona Site Defender includes:

  • Network-Layer Controls: by defining and enforcing IP whitelists and blacklists, you can allow or restrict requests from specific geographical regions and certain IP addresses.
  • Application-Layer Controls: pre-defined, configurable application-layer firewall rules let you address categories such as protocol violations, request limit violations, HTTP policy violations and more.
  • Adaptive Rate Controls: by monitoring and controlling the rate of requests against applications, you can automatically protect them against application-layer DDoS and other volumetric attacks.
  • Kona Rules: using WAF rules developed and updated by Akamai's Threat Intelligence Team, you can continually address new and emerging web application attacks.
  • Security Monitor: get real-time visibility into security events and drill down into attack alerts.
  • Site Shield: cloak your origin from the public Internet to protect against direct-to-origin attacks.
  • Logging: integrate WAF event logs into security information and event management to increase threat posture awareness.

https://www.akamai.com/uk/en/resources/ddos-protection.jsp


4 minutes ago, leadeater said:

 

The big DDoS protection providers actually do have immense bandwidth capabilities.

 

https://www.akamai.com/us/en/resources/protect-against-ddos-attacks.jsp

 

https://www.akamai.com/uk/en/resources/ddos-protection.jsp

Awesome thanks.

 

Also 36Tbps, who's jealous much? That's freaking insane!

 

That makes this semi feasible...

YH1xBez.gif
