On February 28 the Github site was the target of one of the biggest DDOS (denial of service) attacks in history. The attack used a memcached, distributed system vulnerability used to speed up dynamic database-using sites, this service basically has the function of creating a cache of data in RAM to reduce the number of times an external data source (such as a database) must be accessed. And it was just this functionality and ease of caching in RAM that was used to cause a gigantic denial of service attack.
What is Github?
Github offers extra features applied to GIT, one of several File Version Control Systems for programmers and allows you to develop projects where multiple people can contribute simultaneously, allowing you to edit and create new files, allowing changes to not be overwritten in a building of simultaneous code, for example. One of the main applications of Git is precisely this, allowing a file to be edited at the same time by different people. GitHub is a social network for developers and is widely used by developers around the world, offering a variety of functions such as updates and news feeds, followers, and a graph with data on how developers are contributing to the versions of their repositories.
One of the first users of the platform was Linus Trovalds, where he developed the Linux kernel and needed a secure, functional and cooperative repository so the code would be ready quickly and collaboratively. That is, github is one of the world’s largest collaborative repositories for developers, playing a key role in the development of many applications around the world and last week for one of the largest denial-of-service attacks in history.
A denial-of-service (DDoS) attack is constituted as an attack in which multiple computers attack a target, such as a server, site, or other network resource, and overload them, causing a denial of service access to users of the attacked target. The large amount of messages, connection requests, access requests or malformed packets to the target system causes a huge decrease in system speed leading to possible failures and shutdowns, denying service to legitimate users or systems. That is, the attacker creates a gigantic amount of access requests on the target causing them to become overloaded and unable to meet the requests of the real users. This method of attack for a long time was known to operate through the botnets (networks zombies) that are constituted many times by computers infected with some kind of malware. The computers were in control of the invaders, enabling the realization of the false accesses to overload the attacked system. However, this attack with surprising numbers used a new methodology.
Memcached and the vulnerability
The discovery of new amplification vectors that allow very large amplifications rarely occur. This new vulnerability, however, is in this category. If 2018 was still not exciting enough in the information security area, say hello to a new type of denial of service attack: User Datagram Protocol (UDP) amplification via servers and running memcached, an open source caching system, mentioned above. Memcached is only used on computers that are not connected to the internet since they do not require authentication. However, according to Akamai, more than 50,000 servers are vulnerable on the Internet, and can be used to perform DDOS attacks. As pointed out by CloudFlare after undergoing a similar attack: “15 bytes of request triggered 134KB of response. This is amplification factor of 10,000x! In practice we’ve seen a 15 byte request result in a 750kB response (that’s a 51,200x amplification).”
Because of the huge capacity to generate such gigantic attacks, attackers are likely to use memcached as a favorite tool in the next few days. In addition, the measurement is like lists of protections and reflectors of blowers from fuel test trials.
Did you like the text about information security? Take a look at this post containing tips on safe internet browsing.