Friday, May 17, 2013

[US] 178.18.19.140 - AS36167

General Information:


Attacked IP: 178.18.19.140
Country: United States

Start: 2013-05-17 02:20:05
End: 2013-05-17 21:26:23
Duration: 19:6:00
Average query rate: 0.0357766143106

Requested DNS record: directedat.asia
Query count: 41

IPrange: 178.18.16.0/22
AS Number: US
ISP: AS36167

This IP has been seen on the following days:

  • 15-May-2013 4x
  • 16-May-2013 6x
  • 17-May-2013 41x

Observed 1 attack:

  • Attack 1 from 2:00 till 22:00

Details of the DNS Amplification attack:


Requested DNS record: directedat.asia
Query count: 41


Start: 2013-05-17 02:20:05
End: 2013-05-17 21:26:23
Duration: 19:6:00
Average query rate: 0.0357766143106

The following DNS query IDs were observed:

  • 0x20c5 4x
  • 0x81bf 28x
  • 0x9e7d 2x
  • 0x267d 7x

Average query size: 86 bytes
Average response size: 203 bytes

Amplification: 136%

Total query size: 3526 bytes / 3 kilobytes
Response size: 8326 bytes / 8 kilobytes
Total bandwidth: 11852 bytes / 11 kilobytes

All observed queries were made with a TTL of: 243

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

Unique query UDP source ports observed: 41

