Popular domain registrar and web hosting service Namecheap has been having trouble with an unexpected DDoS attack targeting 300 or so domains on two of their their DNS nameservers.
“The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with. And this is a new type of attack, one that we and our hardware and network partners had not encountered before,” Namecheap CEO Richard Kirkendall and Vice President Matt Russell shared in a post.
The attack started around 15.55 GMT / 11.55 EST on Thursday, and was fully mitigated three hours later, but it took some time for all the company’s DNS services to return back to normal.
“Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and ran, and a platform that successfully fends off other DDoS attacks on an almost-daily basis,” the two explained, but added that they still struggled to keep their services available to the customers.
“It took us around 3 hours to fully mitigate the attack, working closely with our hardware and network vendors,” they further shared, and announces improvements to prevent similar attacks in the future: “We are bringing forward a key DNS infrastructure enhancement program that will see us massively expand the size of our DNS infrastructure and our ability to absorb and fend off attacks like these.”
The size of the attack is not the biggest one ever seen, as a 300 gigabits per second (at peak hours) DDoS was aimed against Spamhaus last year, and only recently Cloudflare revealed their infrastructure having been subjected to one reaching 400 gigabits per second.
Nevertheless, DDoS attacks are becoming a serious nuisance, especially since attackers have started exploiting vulnerable NTP servers to mount massive reflection attacks.
It is still unknown if Namecheap’s servers were hit with that particular type of DDoS – Kirkendall and Russell only said it was “a new type of attack.” Given that NTP reflection attacks aren’t that new and unknown, I wonder if they witnessed another, still (largely) unknown and unused type of attack.