Saturday, May 18, 2013

[US] 24.10.124.228 - AS33651

General Information:


Attacked IP: 24.10.124.228
Country: United States

Start: 2013-05-18 08:52:08
End: 2013-05-18 08:54:21
Duration: 2 minute(s)
Average query rate: 229 per minute

Requested DNS record: isc.org
Query count: 458

IPrange: 24.10.0.0/17
AS Number: Comcast Cable Communications, Inc.
ISP: AS33651

IP has a reverse DNS value of: c-24-10-124-228.hsd1.ca.comcast.net

This IP was only seen today


Observed 1 attack:
  • Attack 1 from 8:00 till 9:00
Details of the DNS Amplification attack:


Requested DNS record: isc.org
Query count: 458


Start: 2013-05-18 08:52:08
End: 2013-05-18 08:54:21
Duration: 2 minute(s)
Average query rate: 229 per minute

All request were made with the DNS id: 0x1d42 / 7490

Average query size: 78 bytes
Average response size: 325 bytes

Amplification: 316%

Total query size: 35724 bytes / 34 kilobytes
Response size: 148850 bytes / 145 kilobytes
TotalBandwidth: 184574 bytes / 180 kilobytes

All observed queries were made with a TTL of: 116

Because of this I think the attack was most likely performed from a single host rather than by a botnet.

All request were made with a UDP source port of: 49940


>>Read Before Rage<<<

No comments:

Post a Comment