Attacked IP: 178.18.19.140
Country: United States
Start: 2013-05-17 02:20:05
End: 2013-05-17 21:26:23
Duration: 19:6:00
Average query rate: 0.0357766143106
Requested DNS record: directedat.asia
Query count: 41
IPrange: 178.18.16.0/22
AS Number: US
ISP: AS36167
This IP has been seen on the following days:
- 15-May-2013 4x
- 16-May-2013 6x
- 17-May-2013 41x
Observed 1 attack:
- Attack 1 from 2:00 till 22:00
Requested DNS record: directedat.asia
Query count: 41
Start: 2013-05-17 02:20:05
End: 2013-05-17 21:26:23
Duration: 19:6:00
Average query rate: 0.0357766143106
Following DNS query ID's observed:
- 0x20c5 4x
- 0x81bf 28x
- 0x9e7d 2x
- 0x267d 7x
Average query size: 86 bytes
Average response size: 203 bytes
Amplification: 136%
Total query size: 3526 bytes / 3 kilobytes
Response size: 8326 bytes / 8 kilobytes
TotalBandwidth: 11852 bytes / 11 kilobytes
All observed queries were made with a TTL of: 243
Because of this I think the attack was most likely performed from a single host rather than by a botnet.
Unique query UDP source ports observed: 41
No comments:
Post a Comment