Friday, May 17, 2013

[DE] 87.164.31.21 - AS3320

General Information:


Attacked IP: 87.164.31.21
Country: Germany

Start: 2013-05-17 16:15:47
End: 2013-05-17 16:36:35
Duration: 20 minute(s)
Average query rate: 211 per minute

Requested DNS record: isc.org
Query count: 4223

IPrange: 87.128.0.0/10
AS Number: AS3320
ISP: Deutsche Telekom AG, Internet service provider

IP has a reverse DNS value of: p57A41F15.dip0.t-ipconnect.de

This IP was only seen today


Observed 1 attack:
  • Attack 1 from 16:00 till 17:00
Details of the DNS Amplification attack:


Requested DNS record: isc.org
Query count: 4223


Start: 2013-05-17 16:15:47
End: 2013-05-17 16:36:35
Duration: 20 minute(s)
Average query rate: 211 per minute

All requests were made with the DNS ID: 0x1d42 / 7490

Average query size: 78 bytes
Average response size: 325 bytes

Amplification: 316%

Total query size: 329394 bytes / 321 kilobytes
Response size: 1372475 bytes / 1340 kilobytes
Total bandwidth: 1701869 bytes / 1661 kilobytes

All observed queries were made with a TTL of: 106

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

The following 2 query UDP source port values were observed:

  • 55436 3497x
  • 49940 726x

