GitHub DDoS'd via Chinas Great Firewall

Erinnert Ihr Euch an die rätselhafte DDoS-Attacke, die anscheinend von der chinesischen Zensur-Infrastruktur ausging und über alte Piratebay-Tracker zufällige Websites angriff? Die haben ihre Technik anscheinend verfeinert und in den letzten Tagen GitHub angegriffen:

China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of this blog post to see how we know this is a Man-on-the-side attack.

In short, this is how this Man-on-the-Side attack is carried out:
1. An innocent user is browsing the internet from outside China.
2. One website the user visits loads a javascript from a server in China, for example the Badiu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
3. The web browser's request for the Baidu javascript is detected by the Chinese passive infrastructure.
4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user's browser to continuously reload two specific pages on GitHub.com.

Netresec: China's Man-on-the-Side Attack on GitHub (via Alex)