DNS traffic surge is the culprit behind StarHub's October disruptions

It was not a DDoS attack that affected the service.

The Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA) revealed the results of their investigation on StarHub's home broadband network disruptions.

The investigations revealed that the disruptions were caused by a surge in legitimate Domain Name System (DNS) traffic.

To recall, the disruptions occurred on October 22 and 24 last year and was believed to be caused by a Distributed Denial of Service (DDoS) attack. The two incidents affected some StarHub home fibre broadband customers in several parts of Singapore and lasted 130 and 55 minutes respectively.

During the incidents, affected customers encountered intermittent difficulties accessing the Internet as StarHub’s DNS servers could not fully handle the high volume web requests.

IMDA required StarHub to engage an independent expert to undertake a review of its DNS and other associated infrastructure, and to ensure that its network is resilient to future incidents of this nature.

Here's more from IMDA:

Initial symptoms bore some similarities to the massive DDoS attacks on DNS service provider Dyn in the United States on 21 October 2016, which affected users worldwide. Hence, IMDA and CSA did not rule out a DDoS attack as a possible cause. However, after an in-depth investigation, IMDA and CSA did not uncover any evidence to suggest that the cause of the incidents was a DDoS attack on StarHub’s network infrastructure. While some unusual DNS requests were identified when the incidents occurred, the type and volume of these requests did not match the profile of a DDoS attack.

Further analysis showed a higher-than-usual build-up in StarHub DNS traffic just before the disruptions occurred. This increase in traffic was largely driven by legitimate DNS requests, and eventually overloaded part of StarHub’s home broadband infrastructure.

The intermittent failure of the DNS servers to respond to some requests resulted in repeated retries from affected customers and could have exacerbated the situation.

In the course of investigations, IMDA and CSA also identified areas of improvement in StarHub’s home broadband network infrastructure. Since the incidents, IMDA notes that StarHub has taken the necessary steps to mitigate future risks. These include boosting its home broadband DNS server capacity and enhancing traffic monitoring.

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.

If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.

Book a meeting

| Or download the media kit (PDF)

240,000 senior readers quarterly in print Top 1,700 Singapore companies reached

7 markets across Southeast Asia