Wednesday, May 1, 2013

[NL] 134.19.181.30 - GLOBALLAYERGlobalLayerB.V.

General Information:


Attacked IP: 134.19.181.30
Country: Netherlands

Attack started: 2013-05-01 04:30:37
Attack stopped: 2013-05-01 16:27:38
Duration: 11:57
Query Rate: 0.1059972106

IP is in the range: 134.19.176.0/20 which is part of: GLOBALLAYERGlobalLayerB.V.
with AS number: AS57172 which operates from: NL

Details of the DNS Amplification attack:

The following hostnames were observed:

  • isc.org 4
  • directedat.asia 72

Query count: 76

Following DNS query ID's observed:

  • 0xbc31 12
  • 0x350f 12
  • 0x7737 12
  • 0xfc55 2
  • 0x4a17 2
  • 0x13fb 12
  • 0x5623 12
  • 0x26a3 12

Query size in bytes: 6504
Response size in bytes: 15448
TotalBandwidth in bytes: 21952

Amplification: 137%

All observed queries were made with a TTL of: 247

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

Unique query UDP source ports observed: 16


>>Read Before Rage<<<

No comments:

Post a Comment