The 1.35 terabit-per-second DDoS attack hit GitHub all at once, and it used an increasingly popular DDoS method, no botnet required.
GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centres to weed out and block malicious packets. After eight minutes, attackers relented, and the assault dropped off.
Akamai vice president of web security Josh Shaul told Wired that he had modelled capacity based on five times the most significant attack that the internet has ever seen, so that it could handle 1.3 Tbps.
"But at the same time, we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."
Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defence infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called Memcached servers.
These database caching systems work to speed up networks and websites, but they aren't meant to be exposed on the public internet: anyone can query them, and they'll likewise respond to anyone. About 100,000 Memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them and send them a particular command packet that the server will answer with a much larger reply.
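For operators who want to check whether their own Memcached instance is one of those exposed servers, the following is an added example, not code from the article or from Akamai. It audits a start-up options file for the three conditions described above: a public listener, an enabled UDP listener and missing authentication. It assumes the one-option-per-line layout of Debian's `/etc/memcached.conf` and Memcached's short flags `-l` (listen address), `-U` (UDP port, `0` disables it) and `-S` (SASL authentication); the sample configurations are constructed.

```python
import ipaddress

# Constructed sample configurations (not from the article).
EXPOSED = "# cache for web tier\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n-U 11211\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1,::1\n-U 0\n-S\n"


def parse_options(text):
    """Return {flag: value} for short options, skipping comments and blank lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        flag, _, value = line.partition(" ")
        opts[flag] = value.strip()
    return opts


def is_loopback(addr):
    """True only for literal loopback addresses; anything unparsable counts as public."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostnames, host:port forms: flag conservatively for review


def audit(text):
    """Return a list of findings; an empty list means none of the three conditions hold."""
    opts = parse_options(text)
    findings = []
    listen = [a.strip() for a in opts.get("-l", "").split(",") if a.strip()]
    if not listen:
        findings.append("no -l option: listens on all interfaces")
    elif not all(is_loopback(a) for a in listen):
        findings.append("-l includes a non-loopback address: confirm it is firewalled")
    if "-U" not in opts:
        findings.append("-U not set: UDP depends on the build default; set -U 0")
    elif opts["-U"] != "0":
        findings.append("UDP listener enabled on port " + opts["-U"])
    if "-S" not in opts:
        findings.append("SASL authentication not enabled (-S)")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A non-loopback bind is reported for review rather than as a fault, since an instance on a private interface behind a firewall is a normal deployment.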