Last week, after Akamai confirmed a 1.3Tbps DDoS attack against Github. I published a blog that looked at the last five years of reflection/amplification attack innovation. I hope that it provides a helpful backgrounder on how we got here, to the terabit attack era, because clearly, that’s what we’ve entered.
Today, NETSCOUT Arbor can confirm a 1.7Tbps reflection/amplification attack targeted at a customer of a U.S. based Service Provider has been recorded by our ATLAS global traffic and DDoS threat data system. The attack was based on the same memcached reflection/amplification attack vector that made up the Github attack. It’s a testament to the defense capabilities that this Service Provider had in place to defend against an attack of this nature that no outages were reported because of this.
The previous record recorded by ATLAS was 650Gbps towards a target in Brazil during the summer of 2016.
While the internet community is coming together to shut down access to the many open mecached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit. It is critically important for companies to take the necessary steps to protect themselves including implementation of best current practices described in the following Arbor Security Engineering and Response Team (ASERT) blog.
It is also very important to work with DDoS mitigation service providers, such as Arbor Cloud, that have sufficient scale and expertise to block attacks of this size. Arbor Cloud has been sized to multiple times the largest attack previously recorded. It is well equipped to handle attacks of this scale. Ensure that any DDoS mitigation provider that you engage can say the same.
Until the internet community is able to adjust and make significant progress on memcached servers, we should expect terabit attacks to continue.