华强北水货

 找回密码
 立即注册
华强北水货 门户 前沿科技 查看主题

New world record DDoS attack hits 1.7Tbps days after landmark GitHub outage

发布者: yh6788 | 发布时间: 2018-3-6 23:29| 查看数: 1630| 评论数: 1|帖子模式

Just a week after code repository GitHub was knocked offline by the world's largest recorded distributed denial-of-service (DDoS) attack, the same technique has been used to direct an even bigger attack at an unnamed US service provider.
According to DDoS protection outfit Arbor Networks, that US service provider survived an attack that reached an unprecedented 1.7Tbps.
Last week Arbor, Cloudflare and Akamai reported an uptick in amplification attacks that abuse memcached servers to ramp up by traffic by a factor of 50,000.
Within a day of Cloudflare reporting that attackers were abusing open memcached servers to power DDoS attacks, GitHub was taken offline for about 10 minutes by an attack that peaked at 1.35Tbps.
memcached-earth.png
Memcached is a caching system to optimize websites that rely on external databases. Memcached-enabled servers shouldn't be left exposed to the internet, although at any given time over 100,000 are, according to Rapid7.
The attacks involve spoofing a target's IP address to the default UDP port on available memcached amplifiers, which return much larger responses to the target.
The attacks appear to be getting larger by the day. Before the attack on GitHub, Arbor Networks reported seeing attacks exceeding 500Gbps.
Arbor Networks' Carlos Morales predicts memcached attacks won't be going away any time soon because of the number of exposed memcached servers.
"While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit," he wrote.
Morales' colleague, Roland Dobbins believes the memcached DDoS attacks were initially used exclusively by skilled attackers who launched attacks manually, but now they've been automated via rental 'booter' or 'stressor' botnets.
He notes that the potential for abusing memcached servers in application attacks was revealed by Chinese researchers in November 2017, but that as early as 2010 researchers had discovered widespread insecure memcached servers across the world.
As Ars Technica reports, some people attacking memcached servers are attaching a ransom note instructing targets to "Pay 50 XMR" or the equivalent of $18,415 to a specified wallet.

最新评论

回复 erer 发表于 2018-3-8 09:22
470P打英雄联盟全开没压力。
*滑动验证:
高级模式
B Color Image Link Quote Code Smilies

本版积分规则

 
 
售前咨询
技术支持
淘宝阿里旺旺
沟通交流群:
水货thinkpad笔记本
工作时间:
11:00-22:00
客服热线:
4008315311
及时回复,请用QQ联系。
微信联系我们
公告:
福利:深圳市区试运行免费送货服务,包括罗湖区、福田区、南山区。其它区送货收100元车的油费,谢谢合作。
近期发现多个骗子冒充我站工作人员,意图欺骗不懂的小白,请广大客户认准华强北商行官方网站渠道购买商品,以保证您所购商品是商行正品的真货以及安全的资金流向。
X280有可能是最后一款12.5"的笔记本,thinkpad明天不会发布X290,替代的是13.3"的X390。

QQ|手机版|华强北商行 ( 粤ICP备17062346号-2 )

JS of wanmeiff.com and vcpic.com Please keep this copyright information, respect of, thank you!JS of wanmeiff.com and vcpic.com Please keep this copyright information, respect of, thank you!

|网站地图 公司简介 联系方式 版权所有@

GMT+8, 2019-10-21 21:49 , Processed in 0.124992 second(s), 26 queries .

Powered by Discuz! X3.4

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表