The web monitoring and network intelligence firm ThousandEyes observed the GitHub attack on Wednesday. To attackers, though, the beauty of memcached DDoS attacks is there's no malware to distribute, and no botnet to maintain. The attack was impressive for 2015, but DDoS techniques and platforms-particularly Internet of Things–powered botnets-have evolved and grown increasingly powerful when they’re at their peak. The platform faced a six-day barrage in March 2015, possibly perpetrated by Chinese state-sponsored hackers. Wednesday's onslaught wasn't the first time a major DDoS attack targeted GitHub. On Monday, Prolexic defended against a 200 gbps memcached DDoS attack launched against a target in Munich. Most of the memcached DDoS attacks CenturyLink has seen top out at about 40 to 50 gigabits per second, but the industry had been increasingly noticing bigger attacks up to 500 gbps and beyond. It’s another thing to see it actually play out how you’d hope." "We’ve seen about 300 individual scanners that are searching for memcached boxes, so there are at least 300 bad guys looking for exposed servers," Drew adds. And companies need to work quickly to establish these defenses. "We are going to filter that actual command out so no one can even launch the attack," says Dale Drew, chief security strategist at the internet service provider CenturyLink.
And if internet backbone companies can ascertain the attack command used in a memcached DDoS, they can get ahead of malicious traffic by blocking any memcached packets of that length. Groups like Prolexic that defend against active DDoS attacks have already added or are scrambling to add filters that immediately start blocking memcached traffic if they detect a suspicious amount of it. The infrastructure community has also started attempting to address the underlying problem, by asking the owners of exposed memcached servers to take them off the internet, keeping them safely behind firewalls on internal networks. "Their sheer volume can have a negative impact on the ability of networks to handle customer internet traffic." "Large DDoS attacks such as those made possible by abusing memcached are of concern to network operators," says Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks who has been tracking the memcached attack trend. That barrage peaked at 1.2 terabits per second and caused connectivity issues across the US as Dyn fought to get the situation under control. The scale of the attack has few parallels, but a massive DDoS that struck the internet infrastructure company Dyn in late 2016 comes close. After eight minutes, attackers relented and the assault dropped off. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. GitHub briefly struggled with intermittent outages as a digital system assessed the situation. It was the most powerful distributed denial of service attack recorded to date-and it used an increasingly popular DDoS method, no botnet required. On Wednesday, at about 12:15 pm EST, 1.35 terabits per second of traffic hit the developer platform GitHub all at once.
0 kommentar(er)
