Github was hit by 1.35Tb DDoS attack establishing a new record
This week GitHub was hit by 1.35Tb DDoS attack. It thus established a new record. After few minutes the attack was mitigated by Akamai, who was called in by GitHub.
Interestingly, the attackers used misconfigured Memcached servers to amplify the DDoS attack.
Memcached servers that are exposed to the world offer a huge attack multiplier - for each byte sent to them with a spoofed sender's address, you can expect a 51 kbyte response sent to the faked address. As a result, attackers can achieve the effect of 51,000 times more powerful than if they attacked the victim's server directly, further hiding their identity.
You can read more here: https://githubengineering.com/ddos-incident-report/
...and here: https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
What are your thoughts? Will you update your Memcached configuration now?