Attacked IP: 134.19.181.30
Country: Netherlands
Attack started: 2013-05-01 04:30:37
Attack stopped: 2013-05-01 16:27:38
Duration: 11:57
Query Rate: 0.1059972106
with AS number: AS57172 which operates from: NL
Details of the DNS Amplification attack:
The following hostnames were observed:
- isc.org 4
- directedat.asia 72
Query count: 76
Following DNS query ID's observed:
- 0xbc31 12
- 0x350f 12
- 0x7737 12
- 0xfc55 2
- 0x4a17 2
- 0x13fb 12
- 0x5623 12
- 0x26a3 12
Query size in bytes: 6504
Response size in bytes: 15448
TotalBandwidth in bytes: 21952
Amplification: 137%
All observed queries were made with a TTL of: 247
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
Unique query UDP source ports observed: 16
No comments:
Post a Comment