DNS traffic surge is the culprit behind StarHub's October disruptions

It was not a DDoS attack that affected the service.

The Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA) revealed the results of their investigation into StarHub's home broadband network disruptions.

The investigations revealed that the disruptions were caused by a surge in legitimate Domain Name System (DNS) traffic.

To recall, the disruptions occurred on October 22 and 24 last year and were believed to have been caused by a Distributed Denial of Service (DDoS) attack. The two incidents affected some StarHub home fibre broadband customers in several parts of Singapore and lasted 130 and 55 minutes respectively.

During the incidents, affected customers encountered intermittent difficulties accessing the Internet as StarHub’s DNS servers could not fully handle the high volume of web requests.

IMDA required StarHub to engage an independent expert to undertake a review of its DNS and other associated infrastructure, and to ensure that its network is resilient to future incidents of this nature.

Here's more from IMDA:

Initial symptoms bore some similarities to the massive DDoS attacks on DNS service provider Dyn in the United States on 21 October 2016, which affected users worldwide. Hence, IMDA and CSA did not rule out a DDoS attack as a possible cause. However, after an in-depth investigation, IMDA and CSA did not uncover any evidence to suggest that the cause of the incidents was a DDoS attack on StarHub’s network infrastructure. While some unusual DNS requests were identified when the incidents occurred, the type and volume of these requests did not match the profile of a DDoS attack.

Further analysis showed a higher-than-usual build-up in StarHub DNS traffic just before the disruptions occurred. This increase in traffic was largely driven by legitimate DNS requests, and eventually overloaded part of StarHub’s home broadband infrastructure.

The intermittent failure of the DNS servers to respond to some requests resulted in repeated retries from affected customers and could have exacerbated the situation.

In the course of investigations, IMDA and CSA also identified areas of improvement in StarHub’s home broadband network infrastructure. Since the incidents, IMDA notes that StarHub has taken the necessary steps to mitigate future risks. These include boosting its home broadband DNS server capacity and enhancing traffic monitoring.



More From Singapore Business Review