Home / News

1.3 Tbps DDoS Attack Against GitHub is Largest Attack Seen to Date, Says Akamai

Graph from Akamai shows inbound traffic in bits per second that reached their edge. The first portion of the attack peaked at 1.35Tbps and a second 400Gbps spike a little after 18:00 UTC. (Source: GitHub)

On February 28th, Akamai reports experiencing a 1.3 Tbps DDoS attack against its customer GitHub. According to Akamai, the incident was the largest attack seen to date, "more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed." Companies such as Cloudflare have recently warned about increasing number of such amplification attacks using distributed memory caching system or memcached servers, and both Cloudflare and Akamai warn this exploit has the potential to be quite significant due to its capability to drastically amplify an attack.

Akamai reports: "Many other organizations have experienced similar reflection attacks since Monday, and we predict many more, potentially larger attacks in the near future. Akamai has seen a marked increase in scanning for open memcached servers since the initial disclosure. Because of its ability to create such massive attacks, it is likely that attackers will adopt memcached reflection as a favorite tool rapidly. Additionally, as lists of usable reflectors are compiled by attackers, this attack method's impact has the potential to grow significantly. The good news is that providers can rate limit traffic from source port 11211 and prevent traffic from entering and exiting their networks, but this will take time."

By CircleID Reporter – CircleID's internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Not sustained By Phil Howard  –  Mar 02, 2018 7:51 pm PDT

this was not a sustained (continuous) attack.  it might have forced a reboot or two.  what is the point in that?  to do a test and let Akamai report back what peak they achieved?

port 11211?  as soon as this port and maybe a few others get well blocked, attackers will figure out how to randomize it.  randomization is probably of only minor value, anyway.  just having a few ports in the attack can make blocking it so much harder

Add Your Comments

 To post your comments, please login or create an account.




Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Management

Sponsored byMarkMonitor

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex

IPv4 Markets

Sponsored byIPXO