StarHub broadband outages due to legit DNS overload, not DDoS attacks: IMDA


The service outages experienced by StarHub broadband customers last October were the result of a surge in legitimate DNS traffic and not a deliberate cyber attack as the telco initially claimed, according to Singapore’s infocomms regulator.

The Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA) announced on Friday they had completed the investigations into the service disruptions on October 22 and 24 that affected some StarHub home fiber broadband customers in several parts of Singapore and lasted 130 and 55 minutes, respectively.

StarHub’s DNS servers were overwhelmed by high volume web requests, which resulted in some customers being unable to get online. At the time, according to a Reuters report, StarHub said it had experienced “intentional and likely malicious distributed denial-of-service (DDoS) attacks” on its domain name servers:

“On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity, and restored service within two hours,” it said in a statement late on Tuesday.

The outages had happened on the heels of a DDoS attack on DNS servers operated by Dyn that had knocked out services for major online services, including Twitter, PayPal and Spotify, among others.

After reviewing the logs of StarHub’s DNS servers and consumer devices that StarHub identified to be responsible for the disruptions, the IMDA and CSA said that while the initial symptoms did bear some resemblance to the DDoS attack on Dyn, the two agencies found no evidence of an actual attack.

“While some unusual DNS requests were identified when the incidents occurred, the type and volume of these requests did not match the profile of a DDoS attack,” the IMDA said in a statement:

Further analysis showed a higher-than-usual build-up in StarHub DNS traffic just before the disruptions occurred. This increase in traffic was largely driven by legitimate DNS requests, and eventually overloaded part of StarHub’s home broadband infrastructure.

The intermittent failure of the DNS servers to respond to some requests resulted in repeated retries from affected customers and could have exacerbated the situation.

The IMDA/CSA investigation also uncovered some problems in StarHub’s home broadband network infrastructure that need fixing. StarHub has since taken steps to mitigate future risks, including boosting its home broadband DNS server capacity and enhancing traffic monitoring, the IMDA said.

Ultimately, StarHub is getting off with a warning from IMDA over the outages. The regulator – who is known to hand out stiff fines for even minor service disruptions – has also required StarHub to engage an independent expert to undertake a review of its DNS and other associated infrastructure to ensure that its network is resilient to future incidents of this nature.

“IMDA will not hesitate to take sterner action should a similar incident happen in future,” the regulator said.

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.