Friday, May 17, 2013

[FR] 83.205.219.233 - AS3215

General Information:


Attacked IP: 83.205.219.233
Country: France

Start: 2013-05-17 13:35:31
End: 2013-05-17 13:36:35
Duration: 1 minute(s)
Average query rate: 705 per minute

Requested DNS record: isc.org
Query count: 705

IPrange: 83.205.0.0/16
AS Number: Dummy description for 83.205.0.0/16AS3215
ISP: AS3215

IP has a reverse DNS value of: ABayonne-651-1-379-233.w83-205.abo.wanadoo.fr

This IP was only seen today


Observed 1 attack:
  • Attack 1 from 13:00 till 14:00
Details of the DNS Amplification attack:


Requested DNS record: isc.org
Query count: 705


Start: 2013-05-17 13:35:31
End: 2013-05-17 13:36:35
Duration: 1 minute(s)
Average query rate: 705 per minute

All request were made with the DNS id: 0x1d42 / 7490

Average query size: 78 bytes
Average response size: 325 bytes

Amplification: 316%

Total query size: 54990 bytes / 53 kilobytes
Response size: 229125 bytes / 223 kilobytes
TotalBandwidth: 284115 bytes / 277 kilobytes

All observed queries were made with a TTL of: 106

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

All request were made with a UDP source port of: 49940


>>Read Before Rage<<<

No comments:

Post a Comment