Targeted hit of 1.7Tbps beats the record set last week when GitHub was forced offline
Just days after GitHub was subjected to the largest-ever distributed denial-of-service (DDoS) attack, the record has been broken in an assault aimed at a US service provider.
The 1.7Tbps attack was uncovered by Arbor Networks after the Netscout security firm confirmed it employed a similar technique to the GitHub incident.
But thanks to security measures already in place, the unnamed service provider wasn’t knocked offline.
The former largest attack was recorded by GitHub, which received 1.35Tbps of traffic just five days previously.
This caused the site to crash, forcing it offline for 10 minutes.
Carlos Morale, vice president of sales, engineering, and operations at Arbor Networks, said: “Netscout Arbor can confirm a 1.7Tbps reflection/amplification attack targeted at a customer of a US-based Service Provider has been recorded by our ATLAS global traffic and DDoS threat data system.”
Attackers used Memcached servers to amplify the attack on the service provider by 51,000 times.
Memcrashing occurs when attackers use free and open Memcashed servers to manipulate the User Datagram Protocol (UDP) packet into employing more than 50,000 times the amount of data received in a command, and directing the traffic to one internet address.
Therefore, only a small amount of computers using Memcrashing can be successful in firing huge amounts of traffic – as in both this and in GitHub’s case.
Moral added: “The attack was based on the same Memcached reflection/amplification attack vector that made up the Github attack.
“While the internet community is coming together to shut down access to the many open Memcached servers out there, the sheer number of servers running Memcached openly will make this a lasting vulnerability that attackers will exploit.”
Last week’s attack against GitHub, uncovered by Akamai, was also accompanied by a ransom demand, a spokeswoman confirmed.