GitHub down only less than 10 minutes after world’s largest DDoS attack

Victor Barreiro Jr.

This is AI generated summarization, which may have errors. For context, always refer to the full article.

GitHub down only less than 10 minutes after world’s largest DDoS attack
The DDoS attack took advantage of unprotected memcached servers meant to speed up networks, using that power to amplify the data sent to GitHub 50 times over

MANILA, Philippines – Software developer platform Github revealed this week that it had been hit by what is being called the world’s largest distributed denial of service (DDoS) attack. Despite the massive attack, the platform came out mostly unscathed.

A DDoS is a type of cyber attack that attempts to bring down websites or online services by increasing traffic to latter’s infrastructure beyond what it can normally handle. This prevents people from being able to use sites or online services. 

GitHub, in a blog post on Thursday, March 1, outlined the attacker’s actions.

The attackers used what are called “memcached servers” to amplify the strength of the DDoS in what cloud computing service Akamai calls a Memcached UDP reflection attack.

Wired said the attackers took advantage of 100,000 unprotected memcached servers – essentially database caching systems that speed up networks and website loading times – and sent about 10 queries per server to the spoofed IP address of Github.

The memcached servers amplified the data sent by about 50 times, bringing the assault to up to 1.35 Terabits per second (Tbps) of traffic at its peak.

While this would normally take down most sorts of sites or services, Github was basically down for less than 10 minutes following the assault after it enlisted the help of Akamai Prolexic, which helped mitigate the attack by removing and blocking malicious traffic.

Github said it was down on February 28 from 5:21 pm  to 5:26 pm UTC (1:21 am to 1:26 am of March 1, Manila time), then it became only intermittently unavailable from 5:26 pm to 5:30 pm UTC (1:26 pm to 1:30 pm of March 1, Manila time). 

Github added it was “investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers.” By doing so, it hopes to measure and likely improve its response times and hasten the recovery process from an attack. –

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI
Person, Human, Sleeve


Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.