Attacked IP: 178.18.19.140
Country: United States
Start: 2013-05-17 02:20:05
End: 2013-05-17 19:23:18
Duration: 17:3:00
Average query rate: 0.030303030303
Requested DNS record: directedat.asia
Query count: 31
IPrange: 178.18.16.0/22
AS Number: US
ISP: AS36167
This IP has been seen on the following days:
- 15-May-2013 4x
- 16-May-2013 6x
- 17-May-2013 32x
Observed 1 attack:
- Attack 1 from 2:00 till 20:00
Requested DNS record: directedat.asia
Query count: 31
Start: 2013-05-17 02:20:05
End: 2013-05-17 19:23:18
Duration: 17:3:00
Average query rate: 0.030303030303
Following DNS query ID's observed:
- 0x20c5 3x
- 0x81bf 28x
Average query size: 86 bytes
Average response size: 202 bytes
Amplification: 135%
Total query size: 2666 bytes / 2 kilobytes
Response size: 6266 bytes / 6 kilobytes
TotalBandwidth: 8932 bytes / 8 kilobytes
All observed queries were made with a TTL of: 243
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
Unique query UDP source ports observed: 31
No comments:
Post a Comment