Google 對 GitHub 先前遭受 GFW 的 DDoS 攻擊的分析

Google Online Security 分析了前陣子 GitHub 被 DDoS 攻擊的行為:「A Javascript-based DDoS Attack as seen by Safe Browsing」。

透過 GoogleSafe Browsing,針對 baidu.com 這個網域的 injection 情況分析:

可以看得出來分成多個不同階段攻擊。其中 AWSCloudFront 承受了不小的壓力,不過畢竟是商用水準的 CDN,沒那麼容易垮掉。後來則是攻擊 GitHub 造成影響而上了新聞。

最終還是繼續推廣 TLS,可以避免中間被 injection 攻擊:

Had the entire web already moved to encrypted traffic via TLS, such an injection attack would not have been possible.

This entry was posted in AWS, CDN, Cloud, Computer, Murmuring, Network, Security, WWW and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

One Response to Google 對 GitHub 先前遭受 GFW 的 DDoS 攻擊的分析

  1. Kuon says:

    有趣的是,那是誰該走 TLS 呢 :P

Leave a Reply

Your email address will not be published. Required fields are marked *