Attacked IP: 88.191.237.70
Country: France
Start: 2013-05-18 00:46:00
End: 2013-05-18 17:41:57
Duration: 16:55:00
Average query rate: 32 per minute
Requested DNS record: isc.org
Query count: 32930
IPrange: 88.160.0.0/11
AS Number: Paris, France
ISP: AS12322
IP has a reverse DNS value of: 88-191-237-70.rev.dedibox.fr
This IP has been seen on the following days:
- 17-May-2013 8896x
- 18-May-2013 36325x
Observed 5 attacks:
- Attack 1 from 0:00 till 2:00
- Attack 2 from 6:00 till 8:00
- Attack 3 from 10:00 till 11:00
- Attack 4 from 12:00 till 14:00
- Attack 5 from 17:00 till 18:00
Details of attack: 1
Requested DNS record: isc.org
Query count: 5586
Start: 2013-05-18 00:46:00
End: 2013-05-18 01:16:35
Duration: 30 minute(s)
Average query rate: 186 per minute
All request were made with the DNS id: 0x1d42 / 7490
Average query size: 78 bytes
Average response size: 612 bytes
Amplification: 684%
Total query size: 435708 bytes / 425 kilobytes
Response size: 3418632 bytes / 3338 kilobytes
TotalBandwidth: 3854340 bytes / 3764 kilobytes
The following 2 TTL values were observed:
- 116 3232x
- 106 2354x
The following 2 query UDP source port values were observed:
- 27789 2354x
- 49940 3232x
Details of attack: 2
Requested DNS record: isc.org
Query count: 7850
Start: 2013-05-18 06:40:00
End: 2013-05-18 07:08:33
Duration: 28 minute(s)
Average query rate: 280 per minute
All request were made with the DNS id: 0x1d42 / 7490
Average query size: 78 bytes
Average response size: 325 bytes
Amplification: 316%
Total query size: 612300 bytes / 597 kilobytes
Response size: 2551250 bytes / 2491 kilobytes
TotalBandwidth: 3163550 bytes / 3089 kilobytes
The following 2 TTL values were observed:
- 116 5120x
- 106 2730x
The following 2 query UDP source port values were observed:
- 34250 2730x
- 49940 5120x
Details of attack: 3
Requested DNS record: isc.org
Query count: 2981
Start: 2013-05-18 10:17:07
End: 2013-05-18 10:21:40
Duration: 4 minute(s)
Average query rate: 745 per minute
All request were made with the DNS id: 0x1d42 / 7490
Average query size: 78 bytes
Average response size: 325 bytes
Amplification: 316%
Total query size: 232518 bytes / 227 kilobytes
Response size: 968825 bytes / 946 kilobytes
TotalBandwidth: 1201343 bytes / 1173 kilobytes
All observed queries were made with a TTL of: 116
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
All request were made with a UDP source port of: 49940Details of attack: 4
Requested DNS record: isc.org
Query count: 10572
Start: 2013-05-18 12:21:47
End: 2013-05-18 13:56:35
Duration: 1:34:00
Average query rate: 112 per minute
All request were made with the DNS id: 0x1d42 / 7490
Average query size: 78 bytes
Average response size: 325 bytes
Amplification: 316%
Total query size: 824616 bytes / 805 kilobytes
Response size: 3435900 bytes / 3355 kilobytes
TotalBandwidth: 4260516 bytes / 4160 kilobytes
All observed queries were made with a TTL of: 116
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
All request were made with a UDP source port of: 49940Details of attack: 5
Requested DNS record: isc.org
Query count: 5941
Start: 2013-05-18 17:15:52
End: 2013-05-18 17:41:57
Duration: 26 minute(s)
Average query rate: 228 per minute
All request were made with the DNS id: 0x1d42 / 7490
Average query size: 78 bytes
Average response size: 325 bytes
Amplification: 316%
Total query size: 463398 bytes / 452 kilobytes
Response size: 1930825 bytes / 1885 kilobytes
TotalBandwidth: 2394223 bytes / 2338 kilobytes
All observed queries were made with a TTL of: 116
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
All request were made with a UDP source port of: 49940
No comments:
Post a Comment