Friday, May 17, 2013

[GB] 86.12.60.254 - AS5089

General Information:


Attacked IP: 86.12.60.254
Country: United Kingdom

Start: 2013-05-17 16:58:25
End: 2013-05-17 17:02:42
Duration: 4 minute(s)
Average query rate: 469 per minute

Requested DNS record: isc.org
Query count: 1876

IPrange: 86.0.0.0/11
AS Number: VIRGIN-MEDIA-UK-IP-BLOCK
ISP: AS5089

IP has a reverse DNS value of: cpc22-gate10-2-0-cust253.16-2.cable.virginmedia.com

This IP was only seen today


Observed 1 attack:
  • Attack 1 from 16:00 till 18:00
Details of the DNS Amplification attack:


Requested DNS record: isc.org
Query count: 1876


Start: 2013-05-17 16:58:25
End: 2013-05-17 17:02:42
Duration: 4 minute(s)
Average query rate: 469 per minute

All request were made with the DNS id: 0x1d42 / 7490

Average query size: 78 bytes
Average response size: 325 bytes

Amplification: 316%

Total query size: 146328 bytes / 142 kilobytes
Response size: 609700 bytes / 595 kilobytes
TotalBandwidth: 756028 bytes / 738 kilobytes

All observed queries were made with a TTL of: 106

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

All request were made with a UDP source port of: 49940


>>Read Before Rage<<<

No comments:

Post a Comment