show image

A US service provider has been hit by the biggest reported DDoS attack in history

A US service provider weathered the biggest ever denial of service attack earlier this month without suffering outages, Netscout Arbor has revealed.

Confirmation of the 1.7Tbps attack comes just days after developer platform Github was taken offline due to the first known terrabit attack.

Netscout Arbor’s Carlos Morales explained in a blog that the two attacks relied on the same memecached reflection amplification attack vector.

“While the internet community is coming together to shut down access to the many open mecached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability,” said Morales. “It is critically important for companies to take the necessary steps to protect themselves.”

Reflection amplification enables assailants to launch huge, obfuscated attacks by turning small requests into much larger responses. The attacker sends a small data packet to a memecached server, and the server responds with tens of thousands of times more data.