Denial of service
The attack occurred last Wednesday and was detailed by GitHub late last week. Described as a “significant volumetric DDoS attack,” GitHub’s servers were subject to repeated requests for data from “tens of thousands” of coordinated endpoints. The resulting surge in traffic exceeded the company’s capacity, so its services were temporarily unavailable.
According to GitHub, peak traffic from the attack reached 1.35Tbps. The previous record for a DDoS attack was “achieved” during the 2016 campaign against DNS provider Dyn, when traffic exceeding 1Tbps forced sites including Twitter and Netflix offline. The record-breaking traffic barely affected GitHub users though, taking the site offline for just 9 minutes.
READ NEXT: 11 arrested in Icelandic “Big Bitcoin Heist”
In a blog post, GitHub’s engineering team detailed how it managed to mitigate the effects of the attack within minutes of it having started. The company’s automated network monitoring system quickly identified the anomalous traffic. It started issuing notifications to available GitHub engineers, immediately alerting the team to the surging traffic levels.
With the traffic rising, GitHub began to migrate its service to the Akamai CDN platform. This decision provided additional edge network capacity to help mitigate the impacts of the DDoS and keep the service available to users. This process was initiated at 17:26 UTC on Wednesday – 5 minutes after the attack commenced – and completed within 4 minutes. It succeeded in mitigating the attack by blocking it at the edge of Akamai’s cloud.
Automated recovery
The extremely rapid response indicates the effectiveness of automated monitoring services and modern cyber-defence strategies. Although the attacks are getting more sophisticated, cybersecurity solutions are also keeping pace. GitHub suffered intermittent outages for 9 minutes but the service did not completely buckle. Some users may not have experienced any issues with the platform.
GitHub is a popular target for DDoS attacks because of the potential impact on teams and companies if the service goes down. The code repository site is used by millions of programmers and development studios to collaborate on projects and store the source files for software.
READ NEXT: Apple reportedly working on “premium” headphones
Any outage could leave developers unable to work if they can’t push code or use their automated workflows. GitHub said it’s continuing to investigate how it can further improve its monitoring services to increase network resilience, adding it’s “sorry” for the impact to users last week.
“Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention,” said GitHub. “We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).”
