The previous record for the largest DDoS attack was obliterated on Wednesday. It all started on what seemed a regular Wednesday night for a software development company, but it soon became evident that something was trying to infiltrate its servers. It wasn't long until hard statistics started coming in, and they revealed some startling details: at 1.3 Tbps, this was the largest Distributed Denial-of-Service attack ever recorded.
The whole story was first reported by GitHub as it unfolded. It left many experts stunned and scrambling for solutions and answers as they watched history unfold. The ironic part is that the attack was carried out with the help of the Memcached servers that had been launched just a day earlier. While there had been reports that a certain vulnerability existed in the servers, nobody expected such rapid exploitation. The attack's central idea stems from a basic weakness in the UDP protocol implementation of Memcached servers, which typically amplifies incoming packets more than 50,000 times. This means that the vulnerable port on the victim's side receives the amplified packets from the attacker's side almost simultaneously. Memcached servers expose this particular port, port 11211, even in the default configuration.
And that's not even the scariest part. As of right now, more than 93,000 Memcached servers connected to the internet sit completely vulnerable to DDoS attacks. An attack of exactly this nature appears to have been carried out on Wednesday. The positive news is somewhat relieving, as thwarting such an attack is quite easy: all that a current or even a potential victim has to do is block any and all connections to port 11211, the primary reflection source of this DDoS.
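The reflection pattern described above (small spoofed requests to UDP port 11211, very large replies toward the victim) is something a network operator can spot in flow records before deciding what to block. The following is an added example, not code from the original article or from GitHub; it parses constructed flow lines in a simple `proto src:port dst:port bytes` format (an assumption, not a real collector's format) and reports the estimated amplification factor per victim.

```python
"""Detect memcached UDP reflection in constructed flow records.

Constructed sample records (not real traffic) in the form:
    <proto> <src_ip>:<src_port> <dst_ip>:<dst_port> <bytes>
Flags UDP flows leaving port 11211 toward external hosts and estimates
the amplification factor against the spoofed request that triggered them.
"""
from collections import defaultdict

MEMCACHED_PORT = 11211
MIN_AMPLIFICATION = 50  # flag well below the >50,000x reported in the wild

SAMPLE_FLOWS = """\
udp 198.51.100.7:40213 203.0.113.10:11211 60
udp 203.0.113.10:11211 198.51.100.7:40213 750000
udp 198.51.100.8:52001 203.0.113.10:11211 60
udp 203.0.113.10:11211 198.51.100.8:52001 120
tcp 10.0.0.5:55123 203.0.113.10:11211 400
tcp 203.0.113.10:11211 10.0.0.5:55123 16000
"""

def parse_flow(line):
    """Split one flow record into (proto, src_ip, src_port, dst_ip, dst_port, bytes)."""
    proto, src, dst, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, src_ip, int(src_port), dst_ip, int(dst_port), int(nbytes)

def find_reflection(flow_text):
    """Return {victim_ip: amplification_factor} for suspicious UDP 11211 flows."""
    requests = defaultdict(int)   # (victim_ip, victim_port) -> bytes sent to memcached
    responses = defaultdict(int)  # (victim_ip, victim_port) -> bytes memcached sent out
    for line in flow_text.strip().splitlines():
        proto, sip, sport, dip, dport, n = parse_flow(line)
        if proto != "udp":
            continue  # the reflection abuse is UDP-only; TCP needs a handshake
        if dport == MEMCACHED_PORT:
            requests[(sip, sport)] += n
        elif sport == MEMCACHED_PORT:
            responses[(dip, dport)] += n
    flagged = {}
    for key, out_bytes in responses.items():
        in_bytes = requests.get(key, 0) or 1  # unsolicited replies count in full
        factor = out_bytes / in_bytes
        if factor >= MIN_AMPLIFICATION:
            flagged[key[0]] = round(factor, 1)
    return flagged

if __name__ == "__main__":
    for victim, factor in find_reflection(SAMPLE_FLOWS).items():
        print(f"possible reflection toward {victim}: {factor}x amplification")
```

On the constructed sample, only the first host is flagged (750000 bytes out for 60 bytes in); the second host's normal-sized reply and the TCP session are ignored.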
The previous record for the heaviest DDoS attack was suffered by the French hosting provider OVH in 2016. That attack measured 1 Tbps and was carried out with the first version of the Mirai IoT malware. Comparatively, it was a lot harder to contain, as it involved a greater variety of packets originating from multiple random ports.