Yesterday morning, developer platform GitHub was hit with what appears to be the biggest DDoS attack ever recorded. 1.35 terabits per second of traffic targeted GitHub, and the service was down for about five minutes from 9:21am PT, and then intermittently unavailable for the following four minutes.
Within 10 minutes, GitHub had automatically called for help from Akamai Prolexic, a DDoS mitigation service. According to WIRED, Prolexic routed all of the traffic coming into and out of GitHub, and after eight minutes, it had located malicious packets, the attackers relented, and the assault dropped off.
Josh Shaul, vice president of web security at Akami told WIRED, “we modeled our capacity based on five times the biggest attack that the internet has ever seen. So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once.”
There are few parallels to the scale of the attack, with GitHub saying there were “over a thousand different autonomous systems across tens of thousands of unique endpoints.” The closest we know of is a DDoS attack that struck internet infrastructure company Dyn in late 2016, which peaked at 1.2 Tbps, and caused connectivity issues across the US. It brought down sites including Twitter, Netflix, Reddit, and CNN, so by comparison, GitHub came out relatively unscathed.
In terms of security, GitHub noted on their engineering blog, “at no point was the confidentiality or integrity of your data at risk.” You can read their full break-down of the event here.
Alanah Pearce is a writer and producer at IGN, and her life-long dream is to go to the International Space Station. That doesn't have anything to do with this article, I just thought you should know. You can find her on Twitter @Charalanahzard.
Aucun commentaire:
Enregistrer un commentaire