Friday, May 17, 2013

[US] 168.61.144.13 - AS8075

General Information:


Attacked IP: 168.61.144.13
Country: United States

Start: 2013-05-17 19:43:27
End: 2013-05-17 20:52:19
Duration: 1:8:00
Average query rate: 94 per minute

Requested DNS record: isc.org
Query count: 6440

IPrange: 168.61.0.0/16
AS Number: Exchange Point Networks
ISP: AS8075

This IP was only seen today


Observed 1 attack:
  • Attack 1 from 19:00 till 21:00

Details of the DNS Amplification attack:


Requested DNS record: isc.org
Query count: 6440


Start: 2013-05-17 19:43:27
End: 2013-05-17 20:52:19
Duration: 1:8:00
Average query rate: 94 per minute

All requests were made with the DNS ID: 0x1d42 / 7490

Average query size: 78 bytes
Average response size: 612 bytes

Amplification: 684%

Total query size: 502320 bytes / 490 kilobytes
Response size: 3941280 bytes / 3848 kilobytes
Total bandwidth: 4443600 bytes / 4339 kilobytes

All observed queries were made with a TTL of: 106

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

The following 2 query UDP source port values were observed:

  • 35941 4129x
  • 49992 2311x

