Friday, May 17, 2013

[US] 178.18.19.140 - AS36167

General Information:


Attacked IP: 178.18.19.140
Country: United States

Start: 2013-05-17 02:20:05
End: 2013-05-17 19:23:18
Duration: 17:3:00
Average query rate: 0.030303030303

Requested DNS record: directedat.asia
Query count: 31

IP range: 178.18.16.0/22
AS Number: US
ISP: AS36167

This IP has been seen on the following days:

  • 15-May-2013 4x
  • 16-May-2013 6x
  • 17-May-2013 32x

Observed 1 attack:
  • Attack 1 from 2:00 till 20:00

Details of the DNS Amplification attack:


Requested DNS record: directedat.asia
Query count: 31


Start: 2013-05-17 02:20:05
End: 2013-05-17 19:23:18
Duration: 17:3:00
Average query rate: 0.030303030303

The following DNS query IDs were observed:

  • 0x20c5 3x
  • 0x81bf 28x

Average query size: 86 bytes
Average response size: 202 bytes

Amplification: 135%

Total query size: 2666 bytes / 2 kilobytes
Response size: 6266 bytes / 6 kilobytes
Total bandwidth: 8932 bytes / 8 kilobytes

All observed queries were made with a TTL of: 243

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

Unique query UDP source ports observed: 31

