300 domains on the company's DNS platform have been targeted

Feb 21, 2014 07:53 GMT

On Thursday, a massive distributed denial-of-service (DDoS) attack was launched against the DNS platform of domain registrar and web hosting company Namecheap.

System disruptions were first announced at 11:11 AM EST. According to the company’s representatives, the attack was fully mitigated in around 3 hours. However, the announcement that services had been fully restored came only at 9:50 PM EST.

The attackers targeted the company’s Free DNS and Default v2 nameservers. All customers using freedns1-5.registrar-servers.com and dns1-5.registrar-servers.com were impacted.

In a statement posted on the company’s status page, Namecheap CEO Richard Kirkendall and VP Matt Russell explained that the attack had targeted around 300 domains on the DNS platform.

“Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and run, and a platform that successfully fends off other DDoS attacks on an almost-daily basis,” they explained.

“Today, however, I am compelled to announce that we struggled. The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with.”

Kirkendall and Russell noted that this was a “new type of attack,” which their network partners and hardware had not seen before. By “new type of attack” they might be referring to one that abuses the Network Time Protocol (NTP).

If that is the case, the attack could have been much worse. Earlier this month, CloudFlare reported mitigating a 400 Gbps NTP-based DDoS attack. It was so powerful that even CloudFlare’s own network was impacted. At around the same time, OVH and Incapsula also reported mitigating some major NTP amplification attacks.