GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com)
A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on five times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."
Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.
TFS does give this link: https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
So the answer is, vulnerable memcached servers amplify the packets for anyone who can IP spoof. The attacker doesn't need a botnet, because one accidentally exists already.
Such a shame there are nefarious people who do these DDOS. What a huge waste of time and resources by their target entities to defeat the attacks.
What problem?
Unicode support is just a troll. Nobody would use it for anything except trolling.
What's next? You kids want emojis on /.? Should we just go full 4chan and have images?
TFA doesn't give any detail around this. How does one generate that much traffic without the need of a botnet?
It depends on what you mean by "botnet". The attacker sent spoofed memcached requests to UDP servers, which were then replicated and forwarded to the victim. In some sense, these UDP servers are acting as a "botnet" even though they are not running any malware controlled by the hacker. More info here.
A bigger question is: Cui bono? Why is someone attacking Github?
(...) as a digital system assessed the situation (...)
Who knew those analog steam powered ddos protection engines would go out of fashion this fast.
0x or or snor perron?!
Because too many network admins don't bother to read and implement BCP 38 on top of too many network admins leaving memcached servers publicly accessible.
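Added example, not part of the thread: one way to check a memcached options file for the exposure this comment describes, a UDP listener on a non-loopback address. `-l` (listen address) and `-U` (UDP port, 0 disables it) are memcached's own options; the function names, the `udp_on_by_default` switch (an assumption modelling builds that enable UDP unless told otherwise) and the sample files are constructed for illustration.

```python
import ipaddress

VALUE_OPTS = {"-l", "-U", "-p"}  # memcached short options that take a value

def parse_options(conf_text):
    """Return {option: value} from option-per-line text; '#' starts a comment."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            if tok[:2] in VALUE_OPTS and len(tok) > 2:       # attached form: -U0
                opts[tok[:2]] = tok[2:]
            elif tok in VALUE_OPTS and i + 1 < len(tokens):  # separate form: -U 0
                opts[tok] = tokens[i + 1]
                i += 1
            i += 1
    return opts

def is_loopback(addr):
    """True only for localhost or a loopback IP; unknown hostnames count as exposed."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(conf_text, udp_on_by_default=True):
    """Flag the combination that lets a host answer spoofed UDP requests."""
    opts = parse_options(conf_text)
    udp_enabled = opts["-U"] != "0" if "-U" in opts else udp_on_by_default
    addrs = [a for a in opts.get("-l", "").split(",") if a]
    # No -l means memcached listens on every interface.
    exposed_bind = not addrs or any(not is_loopback(a) for a in addrs)
    return {"udp_enabled": udp_enabled, "non_loopback_bind": exposed_bind,
            "reflector_risk": udp_enabled and exposed_bind}

if __name__ == "__main__":
    # Constructed sample option files, not taken from any real host.
    samples = {
        "defaults only": "-m 64\n-p 11211\n-u memcache\n",
        "hardened": "-p 11211\n-l 127.0.0.1\n-U 0\n",
        "tcp on LAN": "-l 192.0.2.10  # app subnet\n-U0\n",
    }
    for name, text in samples.items():
        print(name, audit(text))
```

Hosts that pass this check can still be reached if a firewall rule forwards UDP port 11211 to them, so the result complements, rather than replaces, filtering at the network edge.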
Please explain why it's not OSX's fault it's not able to speak ASCII?
We're here to listen.
Never happened. True story.
Because macOS / OS X sends a proper apostrophe character, not a prime character. It's an informal standard that's evolved since the 70's that a Prime character is used as an apostrophe, but the prime character (which is a vertical or near vertical tick) is not an apostrophe, nor is it a single quotation mark (aka smart quotes, or unicode characters) - although from a typographical perspective, using a single quotation mark as an apostrophe is a lot closer (or even identical, depending on the font) than using a prime symbol.
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
I know Unicode only dates back as far as the late 80's or early 90's...
Specialist Mac support for creative pros, Melbourne
So clearly a penalty should be applied. Whilst they were tricked into the attack, they were committing the attack. So time for the courts to step in, those who committed the actual attack, should be hauled before the courts to prove they did not do the attack willingly and if they cannot, pay the criminal penalty for the attack. Ignorance is not an excuse, that is their chosen profession, that is their source of income, they have professional liability and should be held to account.
Should not countries supplying said attack be held liable for the attack, a criminal export for which they are responsible. So hauled before the WTO https://en.wikipedia.org/wiki/..., so that the country attacked by bad digital exports can seek fiscal remediation for the cost of bad digital exports. The source country of the attack can seek to recover that cost from those who committed the attack, their problem.
Chaos - everything, everywhere, everywhen
Oh, the old we're going to be pedantic wankers because we can.
Who gives a flying rats right ring if it is not "technically the correct character", that's the most pedantic stupid shit I've ever heard.
This would be valid if using "a prime character" was confusing in a typical context.
You know what? It's not. Never have I been reading something and had that: "What the fuck is a prime character doing in that word, I'm confused, I'm not sure I can read and understand this."
Never, happened. True story.
It was fairly simple really. What they did was take down Slashdot, which at the time was running on an old 80386 running an old, vulnerability ridden, version of Slackware Linux.
The end result was that thousands, literally thousands, of software developers had nothing to do, and ended up committing long delayed work to Github. Boom. Server down.
You are not alone. This is not normal. None of this is normal.
You can configure osx and ios to send regular ascii quotes and not "smart quotes".
(Sent from a mac)
What's wrong with using a regular unicode apostrophe?
https://www.fileformat.info/in...
What unicode char is OS X using? If it was using apostrophe, it would be perfectly fine.
Here it is again: '
That's a prime character you've used (and that I've used in this sentence too)
The apostrophe character is when you have text substitutions turned on, or something like that. It uses the key on the keyboard which has the single and double quotes on it. The curly apostrophe (smart quotes or typographical quotes) is Opt + ] for the opening single quote and Shift + Opt + ] for the closing single quote, or curly apostrophe: ’
“Here’s the curly apostrophe used in a sentence enclosed in typographical quotes and an ellipsis at the end”
Specialist Mac support for creative pros, Melbourne
It happened for the same reason it happened in 2015:
https://www.theverge.com/2015/...
In short, activists inside and outside of China are using GitHub to write and share code for software to circumvent the government's "Great Firewall" in one way or another...they did not succeed in taking GitHub offline, so they decided to show their technical prowess and their sheer (if amplified) bandwidth abuse potential by conducting a second attack. They're still trying to take GitHub offline, badly, people need to be made more aware this is happening...the last time was only three years ago and it was a shocking attempt at China to try and impose censorship of the Internet, as they see fit, inside the firewall AND out. This isn't a conspiracy theory or conjecture, China are very definitely waging an online "war" of sorts and this is more or less a demonstration of their capabilities.
How am I going to post in Klingon w/o Unicode support?
What's even funnier is how completely false it is. I love a good pedanticism, but this one falls on its face.
The term "prime symbol" or "prime character" only even dates to the 1960s or so. And typewriters already existed, and often had apostrophe and quotation symbols. Any other symbols are typographical or related to accounting. The idea that they would have a special key on a typewriter for writing distances, which is the work ' is doing when it is denoting "prime" (meaning only first, " being second) but that they would omit an apostrophe, which is a basic symbol necessary for grammatically correct English, it is just completely absurd.
Once you're inside the distortion field, you can just invent your own history on a whim, no problem.
Even funnier, there is a standard convention in computers that when you need a prime symbol but the character set doesn't include it, you use an italicized apostrophe!
That's a prime character you've used
If you're going to be a pedant on the internet, best do your homework first.